NetcPlus SmartServer3 DoS Vulnerability
BID:1965
Info
NetcPlus SmartServer3 DoS Vulnerability
| Bugtraq ID: | 1965 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Nov 18 2000 12:00AM |
| Updated: | Jun 04 2007 09:40PM |
| Credit: | Discovered and posted to Bugtraq by Steven Alexander <[email protected]> on Nov 18, 2000. |
| Vulnerable: |
NetcPlus SmartServer3 3.75 |
| Not Vulnerable: | |
Discussion
NetcPlus SmartServer3 DoS Vulnerability
SmartServer3 is an email server designed for small networks.
The POP3 and SMTP services within SmartServer3 are prone to a denial-of-service issue. Submitting an unusually long argument to the User or Pass command in the POP3 service will cause the server to stop responding and refuse any new connections. An unusually long argument submitted to the SMTP service after the 'HELO' command will cause the server to stop responding, yet will still accept new connections. In either instance, a restart of the server is required to gain normal functionality.
Successful exploits could allow attackers to execute arbitrary commands, but this has not been confirmed.
SmartServer3 is an email server designed for small networks.
The POP3 and SMTP services within SmartServer3 are prone to a denial-of-service issue. Submitting an unusually long argument to the User or Pass command in the POP3 service will cause the server to stop responding and refuse any new connections. An unusually long argument submitted to the SMTP service after the 'HELO' command will cause the server to stop responding, yet will still accept new connections. In either instance, a restart of the server is required to gain normal functionality.
Successful exploits could allow attackers to execute arbitrary commands, but this has not been confirmed.
Exploit / POC
NetcPlus SmartServer3 DoS Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
NetcPlus SmartServer3 DoS Vulnerability
Solution:
The vendor reports that this issue was addressed shortly after it was discovered. However, this software has been discontinued; obtaining an update from the vendor is not possible.
Solution:
The vendor reports that this issue was addressed shortly after it was discovered. However, this software has been discontinued; obtaining an update from the vendor is not possible.