https://www.exploit-db.com/exploits/23787
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-719

1stClassMailServer是一款多功能邮件服务程序。1stClassMailServer在处理APOP命令时对用户提交数据缺少充分检查，远程攻击者可以利用这个漏洞对EMAIL服务器进行缓冲区溢出攻击，可能以EMAIL服务器进程权限在系统上执行任意指令。传递包含超长字符串作为参数的APOP命令给服务器，可导致覆盖堆栈中保存的指令指针，精心构建提交数据可能以进程权限在系统上执行任意指令。

source: http://www.securityfocus.com/bid/9794/info

1st Class Mail Server has been reported prone to a remote buffer overflow vulnerability. The issue exists due to a lack of sufficient boundary checks performed on user-supplied data.

A remote attacker may pass excessive data as an argument for an APOP command passed to the affected server. The attacker may exploit this issue to corrupt a saved instruction pointer and in doing so may potentially influence execution flow of the affected service into attacker-supplied instructions.

APOP user AAAA ... [626 * A] ... AAAA

来源:XF
名称:1st-class-apop-dos(15314)
链接:http://xforce.iss.net/xforce/xfdb/15314
来源:www.zone-h.org
链接:http://www.zone-h.org/advisories/read/id=4047
来源:BID
名称:9794
链接:http://www.securityfocus.com/bid/9794
来源:OSVDB
名称:4129
链接:http://www.osvdb.org/4129
来源:www.digiti.be
链接:http://www.digiti.be/jeffosz/advisories/1stclasspop3.txt
来源:SECUNIA
名称:11029
链接:http://secunia.com/advisories/11029
来源:SECTRACK
名称:1009279
链接:http://securitytracker.com/id?1009279
来源：NSFOCUS
名称：6126
链接：http://www.nsfocus.net/vulndb/6126