Internet Security Systems

POP3 password overflow

advICE : Intrusions : 2000702
Summary

An attempt to break in using a long password. A very long user name, password, or file name often signals an intentional effort to overflow a buffer on a server.

Details

By constructing the data in a particular way, the intruder may be able to execute his own code on the attacked system.

 more information
CERT: CA-97.09.imap_pop
CERT: CA-98.08.qpopper_vul
advICE: Buffer overflows
  More about this general class of attacks, which is the root cause of many attacks on the Internet.
eEye: Multiple Vulnerabilities in Mercur Mail Server
BugtraqID: 791   Artisoft XtraMail Multiple DoS Vulnerabilities
  Password of over 1500 characters overflows the buffer.
BugtraqID: 755   aVirt Mail Server Buffer Overflow
  Typical buffer overflow if more than 856 characters are sent.
BugtraqID: 634   FuseWare FuseMail POP Mail Buffer Overflow Vulnerability
  Overflow exists for both USER and PASS fields.
BugtraqID: 133   Qualcomm POP Server Buffer Overflow Vulnerability
  Any version prior to 2.5 is vulnerable to buffer overflows in USER and PASS commands, and any line longer than 1024.
BugtraqID: 942
CVE-1999-0759   Buffer overflow in FuseMAIL POP service via long USER and PASS commands.
CVE-2000-0091   vchkpw/vpopmail POP buffer overflow
CVE-1999-0042   UW's POP/IMAP
Other POP3 exploits

 parametric information
length   The length of the password; if it is longer than a few hundred characters, then it may be a buffer overflow attempt.

 configuration for this item
login.maxpass   100   The maximum length of a password.
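
One way to implement the length check that the `length` parameter and the `login.maxpass` setting describe, as an added example that is not ISS code. The class name `Pop3PassLengthCheck`, its `commands` option, and the choice to report an over-long argument before the line terminator arrives are assumptions of this example; the sample traffic is constructed.

```python
# Added example, not ISS code: flag a POP3 PASS argument over login.maxpass.
MAX_PASS = 100  # login.maxpass value from the page

class Pop3PassLengthCheck:
    """Reassembles TCP segments into POP3 command lines and checks lengths."""

    def __init__(self, max_arg=MAX_PASS, commands=(b"PASS",)):
        self.max_arg = max_arg
        self.commands = commands   # pass (b"PASS", b"USER") to cover both
        self.buf = b""
        self.skipping = False      # True while discarding a reported line

    def _check(self, line):
        # POP3 keywords are case-insensitive; the argument follows one space.
        cmd, _, arg = line.partition(b" ")
        if cmd.upper() in self.commands and len(arg) > self.max_arg:
            return (cmd.upper().decode(), len(arg))
        return None

    def feed(self, segment):
        """Consume one segment; return [(command, argument_length), ...]."""
        alerts = []
        self.buf += segment
        while self.buf:
            line, sep, rest = self.buf.partition(b"\n")
            if self.skipping:
                # Tail of a line that was already reported: drop it.
                if not sep:
                    self.buf = b""
                    break
                self.skipping, self.buf = False, rest
                continue
            hit = self._check(line.rstrip(b"\r"))
            if hit:
                alerts.append(hit)
            if not sep:
                # No CRLF yet: report now, the terminator may never arrive.
                if hit:
                    self.skipping, self.buf = True, b""
                break
            self.buf = rest
        return alerts

# Constructed sample: a normal login, then a 1500-byte unterminated password.
if __name__ == "__main__":
    ids = Pop3PassLengthCheck()
    for seg in (b"USER alice\r\nPASS hunter2\r\n", b"PA", b"SS " + b"x" * 1500):
        print(ids.feed(seg))
```

The reported length for an unterminated line is the number of argument bytes seen when the limit was crossed, so it is a lower bound on what the client eventually sent.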

 
Version appeared:  
