[20787] in bugtraq
RE: Nortan Antivirus 2000 Poproxy.exe problem
daemon@ATHENA.MIT.EDU (Franklin DeMatto)
Mon May 28 16:54:43 2001
Message-Id: <200105250502.BAA11283@qDefense.com>
From: Franklin DeMatto <franklin@qDefense.com>
To: <bugtraq@securityfocus.com>
Date: Fri, 25 May 2001 1:2:39 -0600
This was a known problem, already publicised in 1999.
Symantec fixed it, and also had POPROXY.EXE bind
to 127 so as to only accept connections from localhost.
See http://www.securityfocus.com/bid/877
Franklin DeMatto
franklin@qDefense.com
qDefense - DEFENDING THE ELECTRONIC FRONTIER
-----
qDefense offers a wide variety of services at affordable prices
See http://qDefense.com/Services/services.html
Original messages:
>Poproxy.exe is the email virus scanner included in Norton Antivirus 2000...
>While messing around with this I crashed the server by sending it
>too many characters (269 or more).
>Example:
>perl -e '{print "A"x269}' |nc 10.0.2.1 110
>where 10.0.2.1 is the windows machine running poproxy.exe
>Can anyone else confirm this?
Hi! I am having difficulty confirming this for two reasons. Perhaps I am
doing something wrong. I am running Norton Antivirus 2000 with poproxy.exe
on MS Outlook 2000.
poproxy.exe SEEMS to only bind to localhost (127.0.0.1) instead of my IP on
the network (192.168.0.24). If I try to telnet to port 110 from another
Windows machine, it cannot connect. If I try to telnet to 127.0.0.1 from my
own machine, it connects fine. Once I did connect to it from localhost, I
sent 269+ chars to it and only received back "-ERR". I did not experience a
crash.
Again, perhaps I'm doing something wrong.
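
Added example (not part of the original posts and not Symantec's code): a Python check for the loopback-only binding that both messages describe, run over `netstat -an` output. The sample output and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:110          0.0.0.0:0              LISTENING
  TCP    192.168.0.24:139       0.0.0.0:0              LISTENING
  TCP    127.0.0.1:110          127.0.0.1:1045         ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any zone id
    return ipaddress.ip_address(host), int(port)

def tcp_listeners(netstat_text):
    """Yield (ip, port) for every TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            try:
                yield split_endpoint(fields[1])
            except ValueError:
                continue  # skip lines whose address or port does not parse

def exposure(netstat_text, port):
    """Classify a TCP port as 'not listening', 'loopback-only' or 'exposed'."""
    addrs = [ip for ip, p in tcp_listeners(netstat_text) if p == port]
    if not addrs:
        return "not listening"
    # 0.0.0.0 and :: (unspecified) or any interface address accept remote peers;
    # only a listener set made up entirely of loopback addresses is local-only.
    if all(ip.is_loopback for ip in addrs):
        return "loopback-only"
    return "exposed"

if __name__ == "__main__":
    for port in (110, 135, 139, 445, 25):
        print(port, exposure(SAMPLE_NETSTAT, port))
```

A port is reported as loopback-only only when every listener on it is bound to a loopback address, so a second listener on `0.0.0.0` for the same port is flagged as exposed.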