Bugtraq mailing list archives
Multiples Remotes DoS Attacks in Artisoft XtraMail v1.11 Vulnerability
From: labs () USSRBACK COM (Ussr Labs)
Date: Wed, 10 Nov 1999 06:38:20 -0300
Multiples Remotes DoS Attacks in Artisoft XtraMail v1.11 Vulnerability PROBLEM: UssrLabs found multiple places in XtraMail v1.11 where they do not use proper bounds checking. The following all result in a Denial of Service against the service in question. Example: The pop3 (110) service has an overflow in the login function. +OK XtraMail POP3 Server (v1.11 69970090850) for Windows 95 ready at Wed, 10 Nov 99 06:14:18 +-300 user itsme +OK <itsme> pass (buffer) Where buffer is 1500 characters. The SMTP (25) service has an overflow in the login function. 220 XtraMail SMTP Server (v1.11 69970090850) for Windows 95 ready at Wed, 10 Nov 99 06:16:14 +-300 helo (buffer) Where buffer is 10000 characters. The Control Service (32000) service has an overflow in the login function. XtraMail Control Service (v1.11 69970090850) for Windows 95 ready at Wed, 10 Nov 99 06:20:11 +-300 Username: (buffer) Where buffer is 10000 characters. Vendor Status: Not Contacted Vendor Url: http://www.artisoft.com/ Program Url: http://netsales.net/pk.wcgi/artisoft/xtramail Credit: USSRLABS SOLUTION Nothing yet.
Current thread:
- [Cobalt] Security Advisory - cgiwrap, (continued)
- [Cobalt] Security Advisory - cgiwrap Jeff Bilicki (Nov 09)
- Re: MS Outlook alert : Cuartango Active Setup - Workaround Instructions Andy Helsby (Nov 09)
- Remote DoS Attack in TransSoft's Broker Ftp Server v3.5 Vulnerability Ussr Labs (Nov 08)
- FreeBSD 3.3's seyon vulnerability Brock Tellier (Nov 08)
- Re: FreeBSD 3.3's seyon vulnerability Bill Fumerola (Nov 09)
- Re: MS Outlook alert : Cuartango Active Setup Bronek Kozicki (Nov 09)
- IE4/5 "file://" buffer overflow UNYUN (Nov 08)
- Re: IE4/5 "file://" buffer overflow Mikael Olsson (Nov 09)
- (no subject) Ejovi Nuwere (Nov 09)
- Remote DoS Attack in QVT/Term 'Plus' 4.2d FTP Server Vulnerability Ussr Labs (Nov 09)
- Multiples Remotes DoS Attacks in Artisoft XtraMail v1.11 Vulnerability Ussr Labs (Nov 10)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Chuck Phillips (Nov 07)