www.r34ct.tk

     			      Security Advisory



Advisory name : VPOP3 2.0.0k Denial of Service attack [ Buffer 
Overflow]
Release date : 19/07/2004
Application : VPOP3 2.0.0k by Paul Smith computer services
Platform : Windows (all)
Severity : Medium
Author: papabfs


Description:
VPOP3 is a POP3 & SMTP mail  windows-based server with Webmail 
services.It 
is a rather helpfull
server application with a lot of potentials.During security search on 
this 
application ,
a vulnerability found which allows remote attackers compromise the 
server 
,forcing
to its crashing.


Details:
Loggin-In the Webmail service , which VPOP3 provides ,where the 
vulanarability is found ,specificaly,
in users or admin's "Message List" .By accessing in the "Message List" 
section with a typical
net browser , so as to manage our mail , in our browser's address bar 
appears a new URL which is


URL :
http://[host]:5108/messagelist.html?auth=MDA4MDA2MTQ6MTI3LjAuMC4xOmRpbWl0cmlz&msgliststart=0&msglistlen=10&sortfield=date&sortorder=A


Paying attention to a single parametre : msglistlen=10


By this variable the mail-cells are set in the mailbox.By changing the 
value 
we can create more mail-cells or we can deacrese the number of
appearing cells .However , changing the value of this variable by 
adding a 
very big number like :



msglistlen=1000000000000000000000000000000000000000000000000000000000000000000000000000000000000......more..zeros..[enough 
:)!]


, this will lead the server to crash [ CAUSE: OUT OF MEMORY ]







==CREDITS==============================================
r34ct Crew : dr_insane , papabfs
URL: http://members.lycos.co.uk/r34ct/
Contact: dr_insane@pathfinder.gr or papabfs@hotmail.com
onIRC: #r34ct GRnet
			-=RESPECt=-
=======================================================

Author Notice : The specific application is under heavy reasearch by 
our 
crew in order to bring more "bugs" to the surface, so as to ensure a
safe - software world.
r34ct Crew wishes to thank our supporters and friends  .


.|. oO .|,  	papabfs
   fuX