------------------------------------------------------------------------
----
-
Texonet Security Advisory 20021210
------------------------------------------------------------------------
----
-
Advisory ID : TEXONET-20021210
Authors : Joel Soderberg and Christer Oberg (advisories (at) texonet (dot) com [email concealed])
Issue date : 12-10-2002
Application : PC-cillin (OfficeScan Corp. Edition 5.02)
Version(s) : 2000, 2002 and 2003
Platforms : Windows 98/ME/2000/XP
Availability : http://www.texonet.com/advisories/TEXONET-20021210.txt
------------------------------------------------------------------------
----
-
Problem:
------------------------------------------------------------------------
----
-
PC-cillin has an unchecked buffer in pop3trap.exe
Description:
------------------------------------------------------------------------
----
-
PC-cillin comes with a mail scanning feature that scans all incoming mail
for
viruses, this is accomplished by connecting the mail client to a local
service
listening on port 110 (pop3). This service is only listening for connections
from the local machine and acts as a proxy. The program running this service
is pop3trap.exe. Connecting to the local port 110 and sending a lot of
characters will crash the program with a direct hit on the EIP, this makes
it
possible to run malicious code. The code will be run using the privileges of
the user owning the pop3trap.exe process.
Example 1: perl -e " print \"a\"x1100" |nc 127.0.0.1 110
Example 2: http://127.0.0.1:110/[put 1100 a's here]
Workaround:
------------------------------------------------------------------------
----
-
Download the appropriate Service Pack from:
Disclosure Timeline:
------------------------------------------------------------------------
----
-
11/14/2002: Vendor notified by e-mail
11/15/2002: Standard support reply received from vendor
11/15/2002: Requested contact information from vendor
11/15/2002: Reply received from vendor with contact recommendations
11/15/2002: Advisory sent in accordance to vendors recommendations
11/21/2002: Vendor has verified the issue and is working on the solution
12/10/2002: Issue released to the public
About Texonet:
------------------------------------------------------------------------
----
-
Texonet is a Swedish based security company with a focus on penetration
testing / security assessments, research and development.
----
-
Texonet Security Advisory 20021210
------------------------------------------------------------------------
----
-
Advisory ID : TEXONET-20021210
Authors : Joel Soderberg and Christer Oberg (advisories (at) texonet (dot) com [email concealed])
Issue date : 12-10-2002
Application : PC-cillin (OfficeScan Corp. Edition 5.02)
Version(s) : 2000, 2002 and 2003
Platforms : Windows 98/ME/2000/XP
Availability : http://www.texonet.com/advisories/TEXONET-20021210.txt
------------------------------------------------------------------------
----
-
Problem:
------------------------------------------------------------------------
----
-
PC-cillin has an unchecked buffer in pop3trap.exe
Description:
------------------------------------------------------------------------
----
-
PC-cillin comes with a mail scanning feature that scans all incoming mail
for
viruses, this is accomplished by connecting the mail client to a local
service
listening on port 110 (pop3). This service is only listening for connections
from the local machine and acts as a proxy. The program running this service
is pop3trap.exe. Connecting to the local port 110 and sending a lot of
characters will crash the program with a direct hit on the EIP, this makes
it
possible to run malicious code. The code will be run using the privileges of
the user owning the pop3trap.exe process.
Example 1: perl -e " print \"a\"x1100" |nc 127.0.0.1 110
Example 2: http://127.0.0.1:110/[put 1100 a's here]
Workaround:
------------------------------------------------------------------------
----
-
Download the appropriate Service Pack from:
http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=12982
Disclosure Timeline:
------------------------------------------------------------------------
----
-
11/14/2002: Vendor notified by e-mail
11/15/2002: Standard support reply received from vendor
11/15/2002: Requested contact information from vendor
11/15/2002: Reply received from vendor with contact recommendations
11/15/2002: Advisory sent in accordance to vendors recommendations
11/21/2002: Vendor has verified the issue and is working on the solution
12/10/2002: Issue released to the public
About Texonet:
------------------------------------------------------------------------
----
-
Texonet is a Swedish based security company with a focus on penetration
testing / security assessments, research and development.
Contacting Texonet:
------------------------------------------------------------------------
----
-
E-mail: advisories (at) texonet (dot) com [email concealed]
Homepage: http://www.texonet.com/
Phone: +46-8-55174611
[ reply ]