[13122] in bugtraq


Remote DoS/Access Attack in Internet Anywhere Mail Server(POP 3)

daemon@ATHENA.MIT.EDU (Steven Alexander)
Tue Dec 28 17:24:04 1999

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id:  <004e01bf50bd$9610d5f0$0202110a@cell2000>
Date:         Mon, 27 Dec 1999 16:56:17 -0600
Reply-To: Steven Alexander <steve@CELL2000.NET>
From: Steven Alexander <steve@CELL2000.NET>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

Version 2.3.1 of True North Software's Internet Anywhere Mail Server contains
a buffer overflow vulnerability in its POP3 mail server.  By entering a
username that is more than a few hundred characters, mailserv.exe will crash,
which will stop SMTP and POP3 as they are both controlled by the same
executable.  Note that EIP is overwritten and remote access can be gained.

The newest version, version 3.1.3 of the software, is not vulnerable.  All
users of version 2.3.1 of the software should upgrade, as v2.3.1 and other
older versions are no longer supported by the vendor.

-Steven Alexander
 steve@cell2000.net
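
The following is an added example, not part of the original post and not True North Software's code: a bounded parser for the POP3 USER command that rejects the overlong usernames described in the advisory before any copy takes place. The 40-character argument limit comes from RFC 1939; the function names, the result codes and the 255-byte line cap are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>          /* strncasecmp (POSIX) */

#define POP3_MAX_LINE 255     /* assumed cap on one received command line */
#define POP3_MAX_ARG   40     /* RFC 1939: each argument is at most 40 characters */

enum user_result { USER_OK, USER_NOT_USER, USER_TOO_LONG, USER_MALFORMED };

/* Parse "USER <name>" from `len` received bytes (not NUL-terminated).
 * On USER_OK, `out` (capacity `outsz`) holds the NUL-terminated name. */
enum user_result parse_user(const char *line, size_t len, char *out, size_t outsz)
{
    if (len > POP3_MAX_LINE)
        return USER_TOO_LONG;                 /* reject before touching any buffer */
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;                                /* strip the trailing CRLF */
    if (len < 5 || strncasecmp(line, "USER ", 5) != 0)
        return USER_NOT_USER;
    const char *name = line + 5;
    size_t nlen = len - 5;
    if (nlen == 0)
        return USER_MALFORMED;
    if (nlen > POP3_MAX_ARG || nlen >= outsz)
        return USER_TOO_LONG;                 /* length checked against the destination */
    for (size_t i = 0; i < nlen; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c <= ' ' || c >= 0x7f)
            return USER_MALFORMED;            /* printable ASCII only, no spaces */
    }
    memcpy(out, name, nlen);
    out[nlen] = '\0';
    return USER_OK;
}

/* Constructed input: "USER " followed by n 'a' bytes and CRLF. */
int result_for_name_length(size_t n)
{
    static char line[1024];
    char name[POP3_MAX_ARG + 1];
    if (n + 7 > sizeof line) return -1;
    memcpy(line, "USER ", 5);
    memset(line + 5, 'a', n);
    memcpy(line + 5 + n, "\r\n", 2);
    return parse_user(line, 5 + n + 2, name, sizeof name);
}

int main(void)
{
    printf("8:%d 40:%d 41:%d 500:%d\n", result_for_name_length(8),
           result_for_name_length(40), result_for_name_length(41), result_for_name_length(500));
    return 0;
}
```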
