Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Multiples Remotes DoS Attacks in Artisoft XtraMail v1.11 Vulnerability

From: labs () USSRBACK COM (Ussr Labs)
Date: Wed, 10 Nov 1999 06:38:20 -0300

Multiples Remotes DoS Attacks in Artisoft XtraMail v1.11 Vulnerability

PROBLEM:
UssrLabs found multiple places in XtraMail v1.11 where they do not use
proper bounds checking.
The following all result in a Denial of Service against the service in
question.

Example:
The pop3 (110) service has an overflow in the login function.
+OK XtraMail POP3 Server (v1.11 69970090850) for Windows 95 ready at Wed, 10
Nov
 99  06:14:18 +-300
user itsme
+OK <itsme>
pass (buffer)

Where buffer is 1500 characters.

The SMTP (25) service has an overflow in the login function.
220 XtraMail SMTP Server (v1.11 69970090850) for Windows 95 ready at Wed, 10
Nov
 99  06:16:14 +-300
helo (buffer)
Where buffer is 10000 characters.

The Control Service (32000) service has an overflow in the login function.
XtraMail Control Service (v1.11 69970090850) for Windows 95 ready at Wed, 10
Nov
 99  06:20:11 +-300
Username:  (buffer)
Where buffer is 10000 characters.

Vendor Status:
Not Contacted

Vendor   Url: http://www.artisoft.com/
Program Url: http://netsales.net/pk.wcgi/artisoft/xtramail

Credit: USSRLABS

SOLUTION
    Nothing yet.
Previous By Date Next
Previous By Thread Next

Current thread: