Multiples Remotes DoS Attacks in Artisoft XtraMail v1.11

From: Ussr Labs (labsat_private)
Date: Wed Nov 10 1999 - 01:38:20 PST

Next message: Brock Tellier: "Re: [Re: FreeBSD 3.3's seyon vulnerability]"

Previous message: Jefferson Ogata: "Re: Insecure handling of NetSol maintainer passwords"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Multiples Remotes DoS Attacks in Artisoft XtraMail v1.11 Vulnerability

PROBLEM:
UssrLabs found multiple places in XtraMail v1.11 where they do not use
proper bounds checking.
The following all result in a Denial of Service against the service in
question.


Example:
The pop3 (110) service has an overflow in the login function.
+OK XtraMail POP3 Server (v1.11 69970090850) for Windows 95 ready at Wed, 10
Nov
 99  06:14:18 +-300
user itsme
+OK <itsme>
pass (buffer)

Where buffer is 1500 characters.

The SMTP (25) service has an overflow in the login function.
220 XtraMail SMTP Server (v1.11 69970090850) for Windows 95 ready at Wed, 10
Nov
 99  06:16:14 +-300
helo (buffer)
Where buffer is 10000 characters.

The Control Service (32000) service has an overflow in the login function.
XtraMail Control Service (v1.11 69970090850) for Windows 95 ready at Wed, 10
Nov
 99  06:20:11 +-300
Username:  (buffer)
Where buffer is 10000 characters.


Vendor Status:
Not Contacted

Vendor   Url: http://www.artisoft.com/
Program Url: http://netsales.net/pk.wcgi/artisoft/xtramail

Credit: USSRLABS

SOLUTION
    Nothing yet.

Next message: Brock Tellier: "Re: [Re: FreeBSD 3.3's seyon vulnerability]"
Previous message: Jefferson Ogata: "Re: Insecure handling of NetSol maintainer passwords"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:10:55 PDT