www.r34ct.tk Security Advisory

Advisory name : VPOP3 2.0.0k Denial of Service attack [ Buffer Overflow ]
Release date  : 19/07/2004
Application   : VPOP3 2.0.0k by Paul Smith Computer Services
Platform      : Windows (all)
Severity      : Medium
Author        : papabfs

Description:

VPOP3 is a Windows-based POP3 and SMTP mail server with a Webmail service. It is a helpful server application with a lot of potential. During a security review of this application, a vulnerability was found that allows a remote attacker who holds a valid Webmail login to crash the server, denying mail service to all of its users.

Details:

The vulnerability is in the Webmail service that VPOP3 provides, specifically in the user's or admin's "Message List" page. After logging in and opening the "Message List" section in an ordinary web browser to manage mail, the address bar shows a URL of this form:

URL : http://[host]:5108/messagelist.html?auth=MDA4MDA2MTQ6MTI3LjAuMC4xOmRpbWl0cmlz&msgliststart=0&msglistlen=10&sortfield=date&sortorder=A

Note the single parameter msglistlen=10. This variable sets how many message cells are displayed for the mailbox: raising it shows more cells, lowering it shows fewer. The server accepts the value as given, without an upper bound, so supplying a very large number such as

msglistlen=1000000000000000000000000000000000000000000000000000000000000000000000000000000000000......more..zeros..[enough :)!]

makes the server try to build a message list of that size, and it crashes [ CAUSE: OUT OF MEMORY ].

Although the advisory title says "Buffer Overflow", the failure observed is memory exhaustion: the server allocates in proportion to an attacker-controlled count rather than writing past a fixed-size buffer, so the impact is loss of service, not code execution. The request must carry a valid auth value (a base64 string that includes the client address and username, tying it to a logged-in session), so the attacker needs Webmail credentials or a captured session, but nothing more. Until the parameter is bounded by the vendor, limiting which networks can reach the Webmail port (5108) reduces who can trigger the crash.

==CREDITS==============================================
r34ct Crew : dr_insane , papabfs
URL: http://members.lycos.co.uk/r34ct/
Contact: dr_insane@pathfinder.gr or papabfs@hotmail.com
onIRC: #r34ct GRnet
-=RESPECt=-
=======================================================

Author Notice :

The specific application is under heavy research by our crew in order to bring more "bugs" to the surface, so as to ensure a safe software world. r34ct Crew wishes to thank our supporters and friends.

.|. oO .|,
papabfs fuX
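The Python model below is added to this advisory and is not VPOP3's own code (VPOP3 is closed source, so the handler is an assumed reconstruction of the bug class, not the vendor's implementation). It shows a message-list handler that sizes its page buffer from msglistlen before looking at the mailbox, beside one that validates both pagination parameters and sizes the result from the mailbox instead. The sample mailbox, the two request URLs (127.0.0.1 stands in for [host]) and the limits MAX_MSGLISTLEN and MAX_MSGLISTSTART are constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Added illustration of the msglistlen resource-exhaustion bug class.  Not VPOP3's
# code: the handler names, the limits and the sample data are assumptions.

MAX_MSGLISTLEN = 100          # assumed largest page the UI ever needs
MAX_MSGLISTSTART = 10**9 - 1  # assumed largest mailbox index worth honouring

# Constructed sample mailbox: 25 one-line message summaries.
MAILBOX = ["msg %02d from sender%d@example.invalid" % (i, i) for i in range(25)]

# Constructed request URLs in the shape shown in the advisory.
BASE = "http://127.0.0.1:5108/messagelist.html?auth=MDA4MDA2MTQ6MTI3LjAuMC4xOmRpbWl0cmlz"
NORMAL_URL = BASE + "&msgliststart=0&msglistlen=10&sortfield=date&sortorder=A"
POC_URL = BASE + "&msgliststart=0&msglistlen=1" + "0" * 80 + "&sortfield=date&sortorder=A"


def parse_params(url):
    """Return the query string of a messagelist.html URL as a dict of single values."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {name: values[0] for name, values in query.items()}


def vulnerable_page(params, mailbox):
    """Models the flaw: the page buffer is sized from msglistlen before the
    mailbox is consulted, so the allocation is proportional to attacker input."""
    start = int(params.get("msgliststart", "0"))
    length = int(params.get("msglistlen", "10"))
    try:
        # An 81-digit length fails fast here; a "mere" 10**9 would instead
        # grind through gigabytes of RAM, which is the advisory's crash.
        rows = [None] * length
    except (MemoryError, OverflowError) as exc:
        return {"status": 500, "error": type(exc).__name__}
    available = max(0, min(length, len(mailbox) - start))
    for i in range(available):
        rows[i] = mailbox[start + i]
    return {"status": 200, "rows": rows[:available]}


def bounded_int(raw, upper):
    """Accept only a short run of ASCII digits whose value is at most `upper`;
    return None for anything else.  The length cap keeps int() away from huge
    strings, and the explicit [0-9] class rejects signs, whitespace and the
    non-ASCII digits that str.isdigit() and int() would both accept."""
    if not re.fullmatch(r"[0-9]{1,10}", raw):
        return None
    value = int(raw)
    return value if value <= upper else None


def hardened_page(params, mailbox):
    """Validates both pagination parameters and sizes the result from the
    mailbox slice, so no allocation depends on the request alone."""
    start = bounded_int(params.get("msgliststart", "0"), MAX_MSGLISTSTART)
    length = bounded_int(params.get("msglistlen", "10"), MAX_MSGLISTLEN)
    if start is None or length is None:
        return {"status": 400, "error": "invalid pagination parameter"}
    return {"status": 200, "rows": mailbox[start:start + length]}
```

The hardened handler rejects the oversized request with a 400 instead of attempting the allocation, and because the result is a slice of the mailbox, the most it can ever hand back is MAX_MSGLISTLEN rows regardless of what the client asks for. The same two checks (bounded integer parsing, then sizing from the data rather than from the request) apply to any paging parameter, not just this one.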