OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: FW: remote DoS on Internet Anywhere Mail Server Ver.3.1.3
From: MJE (markNTSHOP.NET)
Date: Fri Feb 11 2000 - 11:26:36 CST

Forwarded:

====================

Hello,

I've reported DoS probrems on Internet Anywhere Mail Server Ver.3.1.3
to supporttnsoft.com on 3rd Dec,99. They started to develop the fix.
But they said "we'll release the fix in couple of weeks" three times.
I've discussed with Jeff Moll(President of True North Software, Inc.)
and he allowed me to post these vulnerabilities.

1. RETR DoS in POP service
    +OK POP3 Welcome to somewhere.domain using the Internet Anywhere
    Mail Server Version: 3.1.3. Build: 1065 by True North Software,
    Inc.
    USER yellow
    +OK valid
    PASS pikapika
    +OK Authorized
    RETR 111111111111111111111111

    That's all. The Server could be dead at a little bit after
    atoi(). They should check return value of atoi().

2. multiple connections to port 25 DoS
    This is simple game, too.
    Too much connect()s about 3000, then you will see connection
    refused. After that, too much connect()s again about 800, then
    you can't connect anymore.
    It depends on memory size(I tested on 128MB RAM,total 256MB).
    They should check connection status.

Moderator of BUGTRAQ-JP
<Nobuo Miwa> n-miwalac.co.jp ( ) http://www.lac.co.jp/security/
-------------------------------o00o--(. .)--o00o-------------------------

_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net