Internet Anywhere邮件服务器RETR拒绝服务漏洞

19次阅读
没有评论

Internet Anywhere邮件服务器RETR拒绝服务漏洞

漏洞ID 1105707 漏洞类型 其他
发布时间 2000-02-10 更新时间 2005-07-27
Internet Anywhere邮件服务器RETR拒绝服务漏洞CVE编号 CVE-2000-0139
Internet Anywhere邮件服务器RETR拒绝服务漏洞CNNVD-ID CNNVD-199912-026
漏洞平台 Windows CVSS评分 2.1
|漏洞来源
https://www.exploit-db.com/exploits/19748
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199912-026
|漏洞详情
InternetAnywherePOP3邮件服务器存在漏洞。本地用户借助畸形RETR命令引发拒绝服务。
|漏洞EXP
source: http://www.securityfocus.com/bid/982/info


Submitting a RETR command with a message ID argument longer than 10 numeric characters will result in a crash of the Internet Anywhere Mail Server. A Doctor Watson error message will appear reporting an access violation by MailServer.exe. Restarting the mail server will resume functionality. This denial of service attack does not affect other running programs, and requires the attacker to have a valid username and password on the POP3 server. 

telnet target 110
+OK POP3 Welcome to someco.com using the Internet Anywhere Mail Server Version:3.1.3. Build: 1065 by True North Software, Inc. <[email protected]>
user username
+OK valid
pass password
+OK Authorized
RETR 11111111111
|参考资料

来源:BID
名称:982
链接:http://www.securityfocus.com/bid/982
来源:BUGTRAQ
名称:20000210remoteDoSonInternetAnywhereMailServerVer.3.1.3
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=95021326417936&w;=2

相关推荐: WordPress Multiple Cross-Site Scripting and SQL Injection Vulnerabilities

WordPress Multiple Cross-Site Scripting and SQL Injection Vulnerabilities 漏洞ID 1097399 漏洞类型 Input Validation Error 发布时间 2004-12-21…

正文完
 0