www.r34ct.tk
Security Advisory
Advisory name : VPOP3 2.0.0k Denial of Service attack [ Buffer
Overflow]
Release date : 19/07/2004
Application : VPOP3 2.0.0k by Paul Smith computer services
Platform : Windows (all)
Severity : Medium
Author: papabfs
Description:
VPOP3 is a POP3 & SMTP mail windows-based server with Webmail
services.It
is a rather helpfull
server application with a lot of potentials.During security search on
this
application ,
a vulnerability found which allows remote attackers compromise the
server
,forcing
to its crashing.
Details:
Loggin-In the Webmail service , which VPOP3 provides ,where the
vulanarability is found ,specificaly,
in users or admin's "Message List" .By accessing in the "Message List"
section with a typical
net browser , so as to manage our mail , in our browser's address bar
appears a new URL which is
URL :
http://[host]:5108/messagelist.html?auth=MDA4MDA2MTQ6MTI3LjAuMC4xOmRpbWl0cmlz&msgliststart=0&msglistlen=10&sortfield=date&sortorder=A
Paying attention to a single parametre : msglistlen=10
By this variable the mail-cells are set in the mailbox.By changing the
value
we can create more mail-cells or we can deacrese the number of
appearing cells .However , changing the value of this variable by
adding a
very big number like :
msglistlen=1000000000000000000000000000000000000000000000000000000000000000000000000000000000000......more..zeros..[enough
:)!]
, this will lead the server to crash [ CAUSE: OUT OF MEMORY ]
==CREDITS==============================================
r34ct Crew : dr_insane , papabfs
URL: http://members.lycos.co.uk/r34ct/
Contact: dr_insane@pathfinder.gr or papabfs@hotmail.com
onIRC: #r34ct GRnet
-=RESPECt=-
=======================================================
Author Notice : The specific application is under heavy reasearch by
our
crew in order to bring more "bugs" to the surface, so as to ensure a
safe - software world.
r34ct Crew wishes to thank our supporters and friends .
.|. oO .|, papabfs
fuX