Bugtraq mailing list archives

FTGate and POP3 protocol

From: wizdumb () UNIX ZA NET (Andrew Lewis)
Date: Sun, 2 Jul 2000 15:27:30 +0200


Yeah, it's official - it's a problem with the POP3 protocol rather than
with FTGate specifically. Other affected daemons are gnu-pop3d,
Post.Office, Sendmail for NT, Cubic's Circle for Unix, etc etc.

Although returning a -ERR code when an inalid username is given *is* RFC
compliant, and that there is the delay feature to slow-down bruteforcing,
it's still a fairly stupid idea. :/

Cheers,
Andrew Lewis / Wizdumb

wizdumb () leet org
www.mdma.za.net/fk

Current thread:

FTGate and POP3 protocol Andrew Lewis (Jul 02)
- Re: FTGate and POP3 protocol Roger Burton West (Jul 02)
- Re: FTGate and POP3 protocol Jeremy C. Reed (Jul 05)
- Patch for Flowerfire Sawmill Vulnerabilities Available Alfred Huger (Jul 06)