Avirt Mail Server 3.3a or 3.5 remotely exploitable buffer

From: Luciano Martins (luckat_private)
Date: Mon Nov 01 1999 - 00:57:34 PST

Next message: Mike Eldridge: "Re: AW: Mac OS 9 Idle Lock Bug"

Previous message: vendicatorat_private: "Stack Shield 0.6 beta relased"
Next in thread: Jesús López de Aguileta: "Avirt Mail Server 3.3a or 3.5 remotely exploitable buffer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Avirt Mail Server 3.3a or 3.5 remotely exploitable buffer overflow
vulnerability
Problem:

We found a remotely exploitable buffer overflow in the Avirt Mail Server
3.3a and a D.o.S
in the version 3.5, (long USER / PASS:) that may allow an attacker to
execute arbitrary code on the target server.
Example:


[hell@mordoc]$ telnet example.com 110    <<<< sorry are port 110
Trying example.com...
Connected to example.com.
Escape character is '^]'.
+OK aVirt Mail POP3 Server Ready
user itsme
+OK
Pass [buffer]


Where [buffer] is aprox. 856 characters. At his point the server overflows
and crashes. Just a typical buffer overflow


Published by: USSRBACK

Luck Martins

To get binary or source code for 3.3a win98 Remote exploit go to
http:www.ussrback.com/avirtro/
To get binary or source code for 3.5 D.o.S go to
http:www.ussrback.com/avirtro/

u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c h

Next message: Mike Eldridge: "Re: AW: Mac OS 9 Idle Lock Bug"
Previous message: vendicatorat_private: "Stack Shield 0.6 beta relased"
Next in thread: Jesús López de Aguileta: "Avirt Mail Server 3.3a or 3.5 remotely exploitable buffer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:09:17 PDT