|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Remote DoS/Access Attack in Internet Anywhere Mail Server(POP 3) v2.3.1
Subject: Remote DoS/Access Attack in Internet Anywhere Mail Server(POP 3) v2.3.1
From: Steven Alexander (steve
CELL2000.NET)
Date: Mon Dec 27 1999 - 16:56:17 CST
- Next message: Mudge: "L0pht Advisory: initscripts-4.48-1 RedHat Linux 6.1"
- Previous message: Brock Tellier: "IBM NetStation/UnixWare local root exploit"
- In reply to: Ussr Labs: "Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt"
- Next in thread: Ben Greenbaum: "Re: Remote DoS/Access Attack in Internet Anywhere Mail Server(POP 3) v2.3.1"
- Reply: Steven Alexander: "Remote DoS/Access Attack in Internet Anywhere Mail Server(POP 3) v2.3.1"
- Reply: Ben Greenbaum: "Re: Remote DoS/Access Attack in Internet Anywhere Mail Server(POP 3) v2.3.1"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Version 2.3.1 of True North Software's Internet Anywhere Mail Server contain
a buffer overflow vulnerability in it's POP3 mail server. By entering a
username that is more than a few hundred characters,
mailserv.exe will crash which will stop SMTP and POP3 as they are both
controlled by the same executable. Note that EIP is overwritten and remote
access can be gained.
The newest version, version 3.1.3 of the software is not vulnerable. All
users of
version 2.3.1 of the software should upgrade as v2.3.1 and other older
versions are no longer supported
by the vendor.
-Steven Alexander
stevecell2000.net
- Next message: Mudge: "L0pht Advisory: initscripts-4.48-1 RedHat Linux 6.1"
- Previous message: Brock Tellier: "IBM NetStation/UnixWare local root exploit"
- In reply to: Ussr Labs: "Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt"
- Next in thread: Ben Greenbaum: "Re: Remote DoS/Access Attack in Internet Anywhere Mail Server(POP 3) v2.3.1"
- Reply: Steven Alexander: "Remote DoS/Access Attack in Internet Anywhere Mail Server(POP 3) v2.3.1"
- Reply: Ben Greenbaum: "Re: Remote DoS/Access Attack in Internet Anywhere Mail Server(POP 3) v2.3.1"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b27 : Tue Dec 28 1999 - 16:04:03 CST