This was a known problem, already publicised in 1999. Symantec fixed it, and also had POPROXY.EXE bind to 127 so as to only accept connections from localhost. See http://www.securityfocus.com/bid/877 Franklin DeMatto franklinat_private qDefense - DEFENDING THE ELECTRONIC FRONTIER ----- qDefense offers a wide variety of services at affordable prices See http://qDefense.com/Services/services.html Original messages: >Poproxy.exe is the email virus scanner included in Nortan Antivirus 2000... >While messing around with this i crashed the server by sending it >too many characters (269 or more). >Example: >perl -e '{print "A"x269}' |nc 10.0.2.1 110 >where 10.0.2.1 is the windows machine running poproxy.exe >Can anyone else confirm this? Hi! I am having difficulty confirming this for two reasons. Perhaps I am doing something wrong. I am running Norton Antivirus 2000 with poproxy.exe on MS Outlook 2000. poproxy.exe SEEMS to only bind to localhost (127.0.0.1) instead of my IP on the network (192.168.0.24). If I try to telnet to port 110 from another Windows machine, it cannot connect. If I try to telnet to 127.0.0.1 from my own machine, it connects fine. Once I did connect to it from localhost, I sent 269+ chars to it and only received back "-ERR". I did not experience a crash. Again, perhaps I'm doing something wrong.
This archive was generated by hypermail 2b30 : Mon May 28 2001 - 13:55:18 PDT