Bugtraq mailing list archives
RE: Nortan Antivirus 2000 Poproxy.exe problem
From: Franklin DeMatto <franklin () qDefense com>
Date: Fri, 25 May 2001 1:2:39 -0600
This was a known problem, already publicised in 1999. Symantec fixed it, and also had POPROXY.EXE bind to 127 so as to only accept connections from localhost. See http://www.securityfocus.com/bid/877 Franklin DeMatto franklin () qDefense com qDefense - DEFENDING THE ELECTRONIC FRONTIER ----- qDefense offers a wide variety of services at affordable prices See http://qDefense.com/Services/services.html Original messages:
Poproxy.exe is the email virus scanner included in Nortan Antivirus 2000... While messing around with this i crashed the server by sending it too many characters (269 or more).
Example: perl -e '{print "A"x269}' |nc 10.0.2.1 110 where 10.0.2.1 is the windows machine running poproxy.exe
Can anyone else confirm this?
Hi! I am having difficulty confirming this for two reasons. Perhaps I am doing something wrong. I am running Norton Antivirus 2000 with poproxy.exe on MS Outlook 2000. poproxy.exe SEEMS to only bind to localhost (127.0.0.1) instead of my IP on the network (192.168.0.24). If I try to telnet to port 110 from another Windows machine, it cannot connect. If I try to telnet to 127.0.0.1 from my own machine, it connects fine. Once I did connect to it from localhost, I sent 269+ chars to it and only received back "-ERR". I did not experience a crash. Again, perhaps I'm doing something wrong.
Current thread:
- Nortan Antivirus 2000 Poproxy.exe problem bugtraq (May 24)
- RE: Nortan Antivirus 2000 Poproxy.exe problem Matthew Connor (May 24)
- RE: Nortan Antivirus 2000 Poproxy.exe problem Tom Laermans (May 28)
- Re: Nortan Antivirus 2000 Poproxy.exe problem Craig Bernstein (May 28)
- Re: Nortan Antivirus 2000 Poproxy.exe problem Eric Chien (May 28)
- <Possible follow-ups>
- RE: Nortan Antivirus 2000 Poproxy.exe problem Franklin DeMatto (May 28)
- Re: Nortan Antivirus 2000 Poproxy.exe problem gattaca (May 28)
- RE: Nortan Antivirus 2000 Poproxy.exe problem Matthew Connor (May 24)