
Vpop3.txt

Posted Jul 24, 2004
Authored by Dr. Insane, papabfs | Site members.lycos.co.uk

VPOP3 2.0.0k is susceptible to a denial of service attack due to a buffer overflow.

tags | advisory, denial of service, overflow
SHA-256 | 6c22d9fddd0a36e540923cff600266688d963a50990b53967f54aac1f8833548

      www.r34ct.tk

Security Advisory



Advisory name : VPOP3 2.0.0k Denial of Service attack [Buffer Overflow]
Release date : 19/07/2004
Application : VPOP3 2.0.0k by Paul Smith computer services
Platform : Windows (all)
Severity : Medium
Author: papabfs


Description:
VPOP3 is a Windows-based POP3 & SMTP mail server with Webmail services.
It is a rather helpful server application with a lot of potential.
During security research on this application, a vulnerability was found
that allows remote attackers to compromise the server by forcing it to
crash.


Details:
The vulnerability is found after logging in to the Webmail service that
VPOP3 provides, specifically in the user's or admin's "Message List".
When the "Message List" section is opened with a typical web browser in
order to manage mail, a new URL appears in the browser's address bar:


URL :
http://[host]:5108/messagelist.html?auth=MDA4MDA2MTQ6MTI3LjAuMC4xOmRpbWl0cmlz&msgliststart=0&msglistlen=10&sortfield=date&sortorder=A


Pay attention to a single parameter : msglistlen=10


This variable sets the number of mail cells shown in the mailbox. By
changing the value we can create more mail cells or decrease the number
of cells that appear. However, changing the value of this variable to a
very big number like:



msglistlen=1000000000000000000000000000000000000000000000000000000000000000000000000000000000000......more..zeros..[enough
:)!]


causes the server to crash [CAUSE: OUT OF MEMORY].
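The check below is an added example, not code from the advisory or from VPOP3: it shows how a server or a fronting proxy could bound the msgliststart and msglistlen parameters before any list is allocated, and it doubles as an audit over logged request URLs. The limits, function names and sample requests are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed policy limits (constructed for this example, not from the advisory).
MAX_DIGITS = 6  # length check first, so huge digit strings are never converted
PAGING_PARAMS = {"msgliststart": (0, 10**6), "msglistlen": (1, 500)}


def check_paging_param(name, raw):
    """Return (ok, reason) for one raw paging parameter value."""
    lo, hi = PAGING_PARAMS[name]
    if not (raw.isascii() and raw.isdigit()):
        return False, f"{name}: not a plain decimal number"
    if len(raw) > MAX_DIGITS:
        return False, f"{name}: {len(raw)} digits exceeds {MAX_DIGITS}"
    value = int(raw)
    if not lo <= value <= hi:
        return False, f"{name}: {value} outside {lo}..{hi}"
    return True, ""


def audit_request(url):
    """Return policy violations for a messagelist.html request URL."""
    parts = urlsplit(url)
    if not parts.path.endswith("/messagelist.html"):
        return []
    query = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    for name in PAGING_PARAMS:
        for raw in query.get(name, []):  # repeated parameters are all checked
            ok, reason = check_paging_param(name, raw)
            if not ok:
                findings.append(reason)
    return findings


# Constructed sample requests; TOKEN stands in for a real auth value.
SAMPLE_REQUESTS = [
    "/messagelist.html?auth=TOKEN&msgliststart=0&msglistlen=10&sortfield=date",
    "/messagelist.html?auth=TOKEN&msgliststart=0&msglistlen=1" + "0" * 90,
    "/messagelist.html?auth=TOKEN&msgliststart=-5&msglistlen=0",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(audit_request(req) or "ok", "<-", req[:60])
```

A request that omits a paging parameter produces no finding here; a server would fall back to its own default in that case.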







==CREDITS==============================================
r34ct Crew : dr_insane , papabfs
URL: http://members.lycos.co.uk/r34ct/
Contact: dr_insane@pathfinder.gr or papabfs@hotmail.com
onIRC: #r34ct GRnet
-=RESPECt=-
=======================================================

Author Notice : The specific application is under heavy research by
our crew in order to bring more "bugs" to the surface, so as to ensure a
safe software world.
r34ct Crew wishes to thank our supporters and friends.


.|. oO .|, papabfs
fuX
