[13028] in bugtraq
Re: Fw: NAV2000 Email Protection DoS
daemon@ATHENA.MIT.EDU (Hank Pike)
Tue Dec 21 15:16:41 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.GSO.4.21.9912201119540.3773-100000@dewey.east.sun.com>
Date: Mon, 20 Dec 1999 11:20:52 -0500
Reply-To: Hank Pike <hank.pike@SUN.COM>
From: Hank Pike <hank.pike@SUN.COM>
X-To: Bohemian <bohemian@OPTONLINE.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <001a01bf48fc$6e7e6980$2c44cea7@optonline.net>
If you remove the email client protection in the configuration of NAV 2000
it stops the POP server.
hp
On Fri, 17 Dec 1999, Bohemian wrote:
> I couldn't recreate this on my machine which is running Norton 2000. It's
> running a pop server on port 110 but any invalid input, like the one
> suggested below, causes immediate disconnection from the host. I just D/Led
> a software update for it, so maybe it was fixed.
>
> MrBohemian
> MCP
>
>
>
> ----- Original Message -----
> From: <kyle@RAGEOUT.ORG>
> To: <BUGTRAQ@SECURITYFOCUS.COM>
> Sent: Friday, December 17, 1999 11:34 AM
> Subject: NAV2000 Email Protection DoS
>
>
> > Hello, I just found somewhat of a problem in Symantec's Email protection
> > in NAV2000.
> >
> > The Protection program leaves a pop server running on the local
> > workstation NAV2000 is installed on.. This server can be crashed somewhat
> > like this
> > telnet 1.1.1.1
> > USER (over 1200 char)
> >
> > Then, GPF in windows98
> > POPROXY caused an invalid page fault in
> > module <unknown> at 0000:31393837.
> > Registers:
> > EAX=02bcfcbc CS=017f EIP=31393837 EFLGS=00010246
> > EBX=02bcfcbc SS=0187 ESP=02ad001c EBP=02ad003c
> > ECX=02ad00c0 DS=0187 ESI=817538c0 FS=4fbf
> > EDX=bff76855 ES=0187 EDI=02ad00e8 GS=0000
> > Bytes at CS:EIP:
> >
> > Stack dump:
> > bff76849 02ad00e8 02bcfcbc 02ad0104 02ad00c0 02ad01f4 bff76855 02bcfcbc
> > 02ad00d0 bff87fe9 02ad00e8 02bcfcbc 02ad0104 02ad00c0 31393837 02ad02ac
> >
> > In the time after the crash user must reboot to regain email function on
> > Workstation
> >
> >
> > This as been tested on 3 Machines Win98 SE Win95 rev B and Win95 rev C
> >
>
