Vulnerability Development mailing list archives

Re: Buffer overflow on Lotus Notes' POP3 service

From: LL <leolistas () MAILANDNEWS COM>
Date: Wed, 14 Feb 2001 23:26:17 -0300

Mike,

There's a similar bug under NT 4.0 that was disclosed as a DoS only, but
actullay it's exploitable. Maybe it's the same case on your linux box.

my $0.2

Ptry234



-----Mensaje original-----
De: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]En nombre de Michel
Arboi
Enviado el: Tuesday, February 13, 2001 4:45 PM
Para: VULN-DEV () SECURITYFOCUS COM
Asunto: Buffer overflow on Lotus Notes' POP3 service


I ran Nessus 1.0.7a against a Linux box running Lotus Notes 5.0.6a
The POP3 service crashed (SIGSEGV) and the server said it freezed all
its threads (nice DoS).

Apparently, Nessus sent:
USER test
PASS xxxxxxx[snip]

I did not find this bug in the archives. I did not check if it could be
exploited or if other systems/versions are vulnerable.


__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35
a year!  http://personal.mail.yahoo.com/

Current thread:

Buffer overflow on Lotus Notes' POP3 service Michel Arboi (Feb 13)
- Re: Buffer overflow on Lotus Notes' POP3 service Michel Arboi (Feb 14)
- Re: Buffer overflow on Lotus Notes' POP3 service LL (Feb 14)