Bugtraq mailing list archives
SmartServer3 POP3
From: advisory+netcpop3 () BOS BINDVIEW COM (BindView Advisory)
Date: Thu, 11 Nov 1999 08:28:04 -0500
BindView Security Advisory SmartServer3 Remote Buffer Overflow Technical Advisory Issue date: 11/11/99 Contact: Andrew Reiter <areiter () bos bindview com> Topic ----- There is a buffer overflow in NetCPlus' SmartServer3 POP3 server which can allow a remote attacker to execute arbitrary code on the machine. Affected Systems ---------------- Windows 95/98/NT machines running NetCPlus' SmartServer3 program with the POP3 server started. The version tested was 3.51.1 (built on 7/12/99). Overview -------- NetCPlus is the maker of low-cost business email solutions such as SmartServer3, BrowseGate, and MailTreeve. SmartServer3 is a product that contains SMTP and POP3 servers. The POP3 server, however, has a security vulnerability in the form of a buffer overflow. If one sends a large string (~1000 characters) to the POP3 server, the server replies with "-ERR non- existant command" (sic) and the POP3 server stops running. This causes a page fault in KERNEL32.DLL, but does not appear to be exploitable. However, when the string "USER <~800 char's>\r\n\r\n" is sent, a fault is caused in NCPOPSERV.EXE. This can be exploited to allow a remote attacker to execute arbitrary code on the victim server. Impact ------ Remote users can exploit a buffer overflow and execute commands on the POP3 server's machine. Appendix A, Software Information -------------------------------- NetCPlus Internet Solutions, Ltd. www.netcplus.com www.netcplus.co.uk NetCPlus is soon releasing SmartServer3 version 3.60 which fixes this security flaw. http://www.bindview.com/security --
Current thread:
- Re: rpc.nfsd exploit code, (continued)
- Re: rpc.nfsd exploit code Crispin Cowan (Nov 11)
- WU-FTPD Mnemonix (Nov 11)
- Re: WU-FTPD hayward () SLOTHMUD ORG (Nov 12)
- Re: rpc.nfsd exploit code Mariusz Marcinkiewicz (Nov 12)
- Re: rpc.nfsd exploit code Rogier Wolff (Nov 12)
- BIND NXT Bug Vulnerability Elias Levy (Nov 10)
- Re: BIND NXT Bug Vulnerability Richard Trott (Nov 10)
- Re: BIND NXT Bug Vulnerability Mike Iglesias (Nov 10)
- [RHSA-1999:053-01] new NFS server pacakges available (5.2, 4.2) Bill Nottingham (Nov 10)
- Re: [linux-security] Re: undocumented bugs - nfsd Olaf Kirch (Nov 11)
- SmartServer3 POP3 BindView Advisory (Nov 11)
- THE 12th ANNUAL FIRST CONFERENCE on COMPUTER SECURITY michele sensalari (Nov 11)
- OS/390 Interlink Stack DoS with nmap bugz () NAZGUL COM (Nov 11)
- Re: OS/390 Interlink Stack DoS with nmap bugz () NAZGUL COM (Nov 17)
- [Debian] New version of proftpd fixes remote exploits Aleph One (Nov 11)