[12506] in bugtraq


Multiple Remote DoS Attacks in Artisoft XtraMail v1.11

daemon@ATHENA.MIT.EDU (Ussr Labs)
Wed Nov 10 12:24:25 1999

Message-Id:  <NCBBKFKDOLAGKIAPMILPEEKJCAAA.labs@ussrback.com>
Date:         Wed, 10 Nov 1999 06:38:20 -0300
Reply-To: Ussr Labs <labs@USSRBACK.COM>
From: Ussr Labs <labs@USSRBACK.COM>
X-To:         BUGTRAQ <bugtraq@securityfocus.com>
To: BUGTRAQ@SECURITYFOCUS.COM

Multiple Remote DoS Attacks in Artisoft XtraMail v1.11 Vulnerability

PROBLEM:
UssrLabs found multiple places in XtraMail v1.11 where proper bounds
checking is not performed.
Each of the following results in a Denial of Service against the service in
question.


Example:
The POP3 service (port 110) has an overflow in the login function.
+OK XtraMail POP3 Server (v1.11 69970090850) for Windows 95 ready at Wed, 10 Nov 99  06:14:18 +-300
user itsme
+OK <itsme>
pass (buffer)

Where buffer is 1500 characters.

The SMTP service (port 25) has an overflow in the login function.
220 XtraMail SMTP Server (v1.11 69970090850) for Windows 95 ready at Wed, 10 Nov 99  06:16:14 +-300
helo (buffer)
Where buffer is 10000 characters.

The Control Service (port 32000) has an overflow in the login function.
XtraMail Control Service (v1.11 69970090850) for Windows 95 ready at Wed, 10 Nov 99  06:20:11 +-300
Username:  (buffer)
Where buffer is 10000 characters.


Vendor Status:
Not Contacted

Vendor URL:  http://www.artisoft.com/
Program URL: http://netsales.net/pk.wcgi/artisoft/xtramail

Credit: USSRLABS

SOLUTION
    Nothing yet.
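
Added example, not part of the original advisory and not XtraMail code: the kind of bounds checking the advisory reports as missing, written in C for a line-based login command (POP3 "pass", SMTP "helo"). The 512-octet line limit (the SMTP command-line limit from RFC 5321), the 256-byte argument limit and every name below are assumptions.

```c
#include <stdlib.h>
#include <string.h>
#define MAX_LINE 512  /* assumed: RFC 5321 command-line limit, CRLF included */
#define MAX_VERB 16   /* assumed */
#define MAX_ARG  256  /* assumed limit for a user name, password or host name */
enum cmd_status { CMD_OK, CMD_LINE_TOO_LONG, CMD_ARG_TOO_LONG, CMD_MALFORMED };
struct command { char verb[MAX_VERB]; char arg[MAX_ARG]; };

/* Split one received line (len bytes, not NUL-terminated) into verb and argument.
   Each copy happens only after its length is checked against the destination. */
enum cmd_status parse_command(const char *line, size_t len, struct command *out)
{
    const char *sp;
    size_t verb_len, arg_len;
    if (len > MAX_LINE)
        return CMD_LINE_TOO_LONG;          /* reject before touching the data */
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;                             /* strip the line terminator */
    sp = len ? memchr(line, ' ', len) : NULL;
    verb_len = sp ? (size_t)(sp - line) : len;
    if (verb_len == 0 || verb_len >= sizeof out->verb)
        return CMD_MALFORMED;
    arg_len = sp ? len - verb_len - 1 : 0;
    if (arg_len >= sizeof out->arg)
        return CMD_ARG_TOO_LONG;
    memcpy(out->verb, line, verb_len);
    out->verb[verb_len] = '\0';
    if (arg_len)
        memcpy(out->arg, sp + 1, arg_len);
    out->arg[arg_len] = '\0';
    return CMD_OK;
}

/* Constructed input: "<verb> " + n filler bytes + CRLF, parsed as above. */
enum cmd_status parse_filled(const char *verb, size_t n)
{
    struct command cmd;
    size_t vlen = strlen(verb), len = vlen + 1 + n + 2;
    char *line = malloc(len);
    enum cmd_status st;
    if (!line) return CMD_MALFORMED;
    memcpy(line, verb, vlen);
    line[vlen] = ' ';
    memset(line + vlen + 1, 'A', n);
    memcpy(line + vlen + 1 + n, "\r\n", 2);
    st = parse_command(line, len, &cmd);
    free(line);
    return st;
}
```

With these limits, the 1500- and 10000-character arguments described in the advisory are refused with CMD_LINE_TOO_LONG before any byte is copied, and a server would answer with an error reply instead of processing the line.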
