exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

labs58.txt

labs58.txt
Posted Dec 27, 2000
Site ussrback.com

USSR Advisory #58 - The 1st Up Mail Server v4.1 contains a buffer overflow in a long "mail from:" tag which can result in denial of service. Fix available here.

tags | denial of service, overflow
SHA-256 | b3f2abaf7829914bb59b16a6596355c2829b25a197a106b1184540398916f867

labs58.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

1st Up Mail Server v4.1 Buffer Overflow Vulnerability

USSR Advisory Code: USSR-2000058

Public Disclosure Date:
December 25, 2000

Vendors Affected:
Upland Ltd
http://www.upland.co.uk/

Systems Affected:
1st Up Mail Server v4.1

Problem:
The Ussr Team has recently discovered a Buffer Overflow in 1st Up
Mail Server v4.1 where they do not use proper bounds checking.
The overflow is in the field "mail from: <", a large number
of aaaaaa's "> (over 300). It then displays this message:

"Application popup: smtp server: smtp server.exe - Application Error
: The instruction at "0x00402f23" referenced memory at "0x61616161".
The memory could not be "read".

Click on OK to terminate the program
Click on CANCEL to debug the program "

This results in a Denial of Service against the service
in question.

Vendor Status:
Informed
Contacted
Patch Available

Fix:
Upgrade to version 1st Up Mail Server 4.1.4e

http://www.upland.co.uk/1stup/UpMailSetUp.EXE

Related Links:

Underground Security Systems Research:
http://www.ussrback.com

CrunchSp Product:
http://www.crunchsp.com

About:

USSR is an emerging security company based in South America.
We are devoted to network security research, vulnerability research,
and software protection systems. One of the main objectives of USSR
is to develop and implement cutting edge security and protection
systems
that cater to an evolving market.

We believe that the way we implement security solutions can make a
difference. CrunchSP is an example, providing a solution to software
piracy. Our solutions such as CrunchSP are devoted to protecting your
enterprise.

On a daily basis, we research, develop, discover and report
vulnerability information. We make this information freely available
via public forums such as BugTraq, and our advisory board located at
http://www.ussrback.com.

The USSR is a highly skilled, experienced team. Many USSR
programmers, as well as programmers of partners and affiliates, are
seasoned professionals, with 12 or more years of industry experience.
A
knowledge base of numerous computer applications as well as many high
and
low
level programming languages makes USSRback a diverse team of experts
prepared to serve the needs of any customer.

USSR has assembled some of the world's greatest software developers
and security consultants to provide our customers with a wide range
of enterprise level services. These services include:

* Network Penetration Testing
* Security Application development
* Application Security Testing and Certification
* Security Implementations
* Cryptography
* Emergency Response Team
* Firewalling
* Virtual Private Networking
* Intrusion Detection
* Support and maintenance

For more information, please contact us via email at
labs@ussrback.com.

Copyright (c) 1999-2000 Underground Security Systems Research.
Permission is hereby granted for the redistribution of this alert
electronically. It is not to be edited in any way without explicit
consent of USSR. If you wish to reprint whole or any part of this
alert in any other medium excluding electronic medium, please e-mail
labs@ussrback.com for permission.

Disclaimer:
The information within this paper may change without notice. We may
not be held responsible for the use and/or potential effects of these
programs or advisories. Use them and read them at your own risk or
not at all. You solely are responsible for this judgment.

Feedback:

If you have any questions, comments, concerns, updates, or
suggestions please feel free to send them to:

Underground Security Systems Research
mail:labs@ussrback.com
http://www.ussrback.com

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOkgZctybEYfHhkiVEQIxMACg/F5Wz6duPU/rYa/TR2joTHtsECUAnRcx
LVFBJdQdmwP53C/Uz/LucF8/
=qQZu
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close