POP3 USER overflow - Internet Security Systems

POP3 USER overflow

advICE : Intrusions : 2000701
Summary

An attempt to break into your system using a long user name.

Details

A very long user name, password, or file name often signals an intentional effort to overflow a buffer on a server. By constructing the data in a particular way, the intruder may be able to execute his own code on the attacked system.

More information
advICE: Buffer overflows  
More about this general class of attacks, which is the root cause of many attacks on the Internet.  
CERT: CA-97.09.imap_pop  
 
CERT: CA-98.08.qpopper_vul  
 
BugtraqID: 1652   XMail Buffer Overflow Vulnerability
 
BugtraqID: 1376   Netwin DMailWeb & CWMail Multiple DoS Vulnerabilities
A user name more than 240 characters causes a crash.  
BugtraqID: 1051   Atrium Software Mercur Mail Server 3.2 Buffer Overflow Vulnerability
A USER name of more than 3000 characters will cause the server to crash.  
BugtraqID: 877   Norton Antivirus 2000 POProxy USER Vulnerability
A long USER argument will cause a denial of service by crashing the POProxy program, forcing a reboot to restore email functionality.  
BugtraqID: 790   NetCPlus SmartServer3 POP Buffer Overflow Vulnerability
A user name of over 800 characters will cause an overflow.  
BugtraqID: 789   IMail POP3 Buffer Overflow Denial of Service Vulnerability
There is a buffer overflow in the username field when the username is between 200 and 500 characters.  
BugtraqID: 730   Internet Anywhere Mail Server Multiple Buffer Overflow Vulnerabilities
Vulnerable to buffer overflows in POP3 commands (LIST, RETR, UIDL, and USER) as well as SMTP commands (VRFY).  
BugtraqID: 634   FuseWare FuseMail POP Mail Buffer Overflow Vulnerability
Overflow exists for both USER and PASS fields.  
BugtraqID: 156   SCO POP Server Buffer Overflow Vulnerability
SCO's POP server is based upon Qualcomm's.  
BugtraqID: 133   Qualcomm POP Server Buffer Overflow Vulnerability
Any version prior to 2.5 is vulnerable to buffer overflows in USER and PASS commands, and any line longer than 1024.  
CIAC: K-009   Qpopper Buffer Overflow Vulnerability
 
BugtraqID: 1250   Alt-N MDaemon Mail Server DoS Vulnerability
 
BugtraqID: 942   Inter7 vpopmail (vchkpw) Buffer Overflow Vulnerability
 
CVE-2000-0091   vchkpw/vpopmail POP buffer overflow
 
CVE-2000-0399   Buffer overflow in MDaemon POP server user command.
 
CVE-1999-0006   qpopper pass overflow
 
CVE-1999-0042   UW's IMAP/POP
 
Other POP3 exploits  
 
Qpopper Home Page  
 
CVE-1999-0272   Denial of service in Slmail v2.5 through the POP3 port.
 
CVE-1999-0494   Denial of service in WinGate proxy through a buffer overflow in POP3.
 
NAI Advisory: 021   Remote vulnerability in imapd and ipop3d
 

Parametric information
length: The length of the POP3 login name.
login name: The beginning portion of the login name.

Configuration for this item
login.maxname    100    The maximum length of a login name.
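
The length check described by the parameters and the login.maxname setting above, as an added example (not ISS code). The function names, PREFIX_LEN and the sample traffic are assumptions made for illustration; only the limit of 100 comes from this page.

```python
# Added example, not ISS code: length check on the POP3 USER argument.
MAX_NAME = 100    # the page's login.maxname setting
PREFIX_LEN = 32   # assumption: how much of the name an alert keeps


def check_pop3_line(line: bytes, max_name: int = MAX_NAME):
    """Return an alert dict for an over-long USER argument, else None."""
    verb, _, arg = line.rstrip(b"\r\n").partition(b" ")
    if verb.upper() != b"USER":          # POP3 keywords are case-insensitive
        return None
    name = arg.strip()
    if len(name) <= max_name:
        return None
    # Keep only the length and a printable prefix, never the raw payload.
    prefix = "".join(chr(b) if 32 <= b < 127 else "." for b in name[:PREFIX_LEN])
    return {"event": "POP3 USER overflow", "length": len(name), "login_name": prefix}


def scan_stream(data: bytes, max_name: int = MAX_NAME):
    """Check every line of a client-to-server byte stream.

    The final element of the split is checked too, so an over-long name
    that was never terminated with CRLF is still reported.
    """
    alerts = []
    for line in data.split(b"\n"):
        alert = check_pop3_line(line, max_name)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample traffic: one normal login, one over-long USER argument.
SAMPLE_STREAM = (
    b"USER alice\r\nPASS secret\r\n"
    b"user \xff" + b"A" * 300 + b"\r\n"
    b"RETR 1\r\n"
)

if __name__ == "__main__":
    for alert in scan_stream(SAMPLE_STREAM):
        print(alert)
```

The alert carries the same two fields the page lists: the length of the login name and its beginning portion.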

 
Version appeared:  
