PROBLEM:
UssrLabs found multiple places in XtraMail v1.11 where input is not
properly bounds-checked.
Each of the following results in a Denial of Service against the
service in question.
Example:
The POP3 (110) service has an overflow in the login function.
+OK XtraMail POP3 Server (v1.11 69970090850) for Windows 95 ready at Wed, 10 Nov 99 06:14:18 +-300
user itsme
+OK
pass (buffer)
Where buffer is 1500 characters.
The SMTP (25) service has an overflow in the login function.
220 XtraMail SMTP Server (v1.11 69970090850) for Windows 95 ready at Wed, 10 Nov 99 06:16:14 +-300
helo (buffer)
Where buffer is 10000 characters.
The Control Service (32000) has an overflow in the login function.
XtraMail Control Service (v1.11 69970090850) for Windows 95 ready at Wed, 10 Nov 99 06:20:11 +-300
Username: (buffer)
Where buffer is 10000 characters.
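Added example (not part of the original advisory and not XtraMail code): a bounded command-line parser in C showing the kind of length check whose absence the three cases above describe. CMD_MAX, the verb/argument buffer sizes and the names parse_command and try_line are assumptions chosen for illustration; the filler input is constructed locally.

```c
#include <stdio.h>
#include <string.h>

#define CMD_MAX 512 /* assumed cap: SMTP command-line limit in RFC 5321, CRLF included */
enum { CMD_OK = 0, CMD_TOO_LONG = -1, CMD_INCOMPLETE = -2, CMD_BAD_ARG = -3 };

/* Split one LF- or CRLF-terminated line into verb and argument.
 * Writes at most verb_cap / arg_cap bytes and always NUL-terminates both. */
int parse_command(const char *in, size_t in_len, char *verb, size_t verb_cap,
                  char *arg, size_t arg_cap)
{
    if (!in || !verb || !arg || verb_cap == 0 || arg_cap == 0) return CMD_BAD_ARG;
    verb[0] = arg[0] = '\0';
    /* Search for the terminator only inside the allowed window. */
    size_t window = in_len < CMD_MAX ? in_len : CMD_MAX;
    const char *nl = memchr(in, '\n', window);
    if (!nl) return in_len >= CMD_MAX ? CMD_TOO_LONG : CMD_INCOMPLETE;
    size_t line_len = (size_t)(nl - in);
    if (line_len > 0 && in[line_len - 1] == '\r') line_len--;
    /* Verb runs to the first space; the rest of the line is the argument. */
    const char *sp = memchr(in, ' ', line_len);
    size_t vlen = sp ? (size_t)(sp - in) : line_len;
    size_t alen = sp ? line_len - vlen - 1 : 0;
    if (vlen >= verb_cap || alen >= arg_cap) return CMD_TOO_LONG;
    memcpy(verb, in, vlen); verb[vlen] = '\0';
    if (alen) memcpy(arg, sp + 1, alen);
    arg[alen] = '\0';
    return CMD_OK;
}

/* Constructed input: "<kw> " + `fill` filler bytes + CRLF, fed to the parser. */
int try_line(const char *kw, size_t fill)
{
    static char line[16384];
    char verb[16], arg[256];
    size_t k = strlen(kw);
    if (k + fill + 3 > sizeof line) return CMD_BAD_ARG;
    memcpy(line, kw, k);
    line[k] = ' ';
    memset(line + k + 1, 'A', fill);
    memcpy(line + k + 1 + fill, "\r\n", 2);
    return parse_command(line, k + fill + 3, verb, sizeof verb, arg, sizeof arg);
}

int main(void)
{
    printf("user/5=%d pass/1500=%d helo/10000=%d\n",
           try_line("user", 5), try_line("pass", 1500), try_line("helo", 10000));
    return 0;
}
```

A server using a check of this kind would answer the oversized line with a protocol error and keep running instead of copying it into a fixed buffer.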
Vendor Status:
Not Contacted
Vendor Url: http://www.artisoft.com/
Program Url: http://netsales.net/pk.wcgi/artisoft/xtramail
Credit: USSRLABS
SOLUTION:
Nothing yet.
u n d e r g r o u n d   s e c u r i t y   s y s t e m s   r e s e a r c h