From vacuum@technotronic.com Thu Mar 16 17:33:22 2000 From: Vacuum X-Sender: vacuum@sword.damocles.com To: news@technotronic.com Date: Wed, 15 Mar 2000 00:11:42 -0600 (CST) Subject: Local / Remote Dos Attack in MERCUR WebView WebMail-Client 1.0 for Windows 98 / NT Vulnerability ---------- Forwarded message ---------- From: "Ussr Labs" To: "TECHNOTRONIC" Subject: Local / Remote DoS Attack in MERCUR WebView WebMail-Client 1.0 for Windows 98/NT Vulnerability Date: Wed, 15 Mar 2000 01:02:02 -0300 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Local / Remote DoS Attack in MERCUR WebView WebMail-Client 1.0 for Windows 98/NT Vulnerability USSR Advisory Code: USSR-2000036 Release Date: March 16, 2000 Systems Affected: MERCUR WebMail-Client Version 1.0 port (1080) THE PROBLEM UssrLabs found a buffer overflow in MERCUR WebView WebMail-Client 1.0 where they do not use proper bounds checking in the code who handle the GET commands The following all result in a Denial of Service against the service in question. Example: http://hostip:1080/mmain.html&mail_user=(buffer) Where [buffer] is aprox. 1000 characters. (0) Binary or source for this Exploit: http://www.ussrback.com/ Exploit: the Exploit, crash the remote machine service WebMail Vendor Status: informed Vendor Url: http://www.atrium-software.com Program Url: http://www.atrium-software.com/mercur/webview_e.html Credit: USSRLABS SOLUTION Noting yet. Greetings: Eeye, Attrition, w00w00, beavuh, Rhino9, ADM, HNN, Technotronic and Wiretrip. -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use iQA/AwUBOM8LOqVRYEYcg938EQJ8/ACfSJAEAsIfc7OfOFAqNxlbT5dzlJoAn2re 8EJDJnTgvMFtYl063aqyd4oY =27ye -----END PGP SIGNATURE-----