roverpop3.dos.txt

1999-12-28T00:00:00
ID PACKETSTORM:11044
Type packetstorm
Reporter Underground Security Systems Research
Modified 1999-12-28T00:00:00

Description

                                        
                                            `  
Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt  
  
USSR Advisory Code: USSR-99025  
  
Release Date:  
December 27, 1999 [1/5]  
  
Systems Affected:  
Rover POP3 Server V1.1 NT and possibly others versions.  
  
About The Software:  
Rover POP3 Server V1.1 NT From aVirt, is a full-featured Internet/Intranet  
server software  
package that includes: POP3, and SMTP ( Ports 25/110 )  
  
THE PROBLEM  
  
UssrLabs found a Local / Remote Buffer overflow,the buffer overflow is  
caused by a long user name, 10000 characters, and the re-connection  
to the Server.  
  
Do you do the w00w00?  
This advisory also acts as part of w00giving. This is another contribution  
to w00giving for all you w00nderful people out there. You do know what  
w00giving is don't you? http://www.w00w00.org/advisories.html  
  
Binary or source for this Dos:  
  
http://www.ussrback.com/  
  
Vendor Status:  
Contacted.  
  
Vendor Url: http://www.avirt.com/  
Program Url: http://www.avirt.com/  
  
Credit: USSRLABS  
  
SOLUTION  
Upgrade to: Avirt Mail 3.5 or Avirt Mail v4 RC1 (Rover now is a discontinued  
Program).  
  
Greetings:  
Eeye, Attrition, w00w00, beavuh, Rhino9, ADM, L0pht, HNN, Technotronic and  
Wiretrip.  
  
u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h  
http://www.ussrback.com  
  
  
  
`