Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Unchecked buffer in PC-cillin

Unchecked buffer in PC-cillin

by Nikola Strahija on December 10th, 2002 Advisory ID : TEXONET-20021210 Authors : Joel Soderberg and Christer Oberg ([email protected]) Issue date : 12-10-2002 Application : PC-cillin (OfficeScan Corp. Edition 5.02) Version(s) : 2000, 2002 and 2003 Platforms : Windows 98/ME/2000/XP Availability : http://www.texonet.com/advisories/TEXONET-20021210.txt


Problem:
----------------------------------------------------------------------------
-
PC-cillin has an unchecked buffer in pop3trap.exe


Description:
----------------------------------------------------------------------------
-
PC-cillin comes with a mail scanning feature that scans all incoming mail
for
viruses, this is accomplished by connecting the mail client to a local
service
listening on port 110 (pop3). This service is only listening for connections
from the local machine and acts as a proxy. The program running this service
is pop3trap.exe. Connecting to the local port 110 and sending a lot of
characters will crash the program with a direct hit on the EIP, this makes
it
possible to run malicious code. The code will be run using the privileges of
the user owning the pop3trap.exe process.

Example 1: perl -e " print "a"x1100" |nc 127.0.0.1 110

Example 2: http://127.0.0.1:110/[put 1100 a's here]



Workaround:
----------------------------------------------------------------------------
-
Download the appropriate Service Pack from:

http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=12982


Disclosure Timeline:
----------------------------------------------------------------------------
-
11/14/2002: Vendor notified by e-mail
11/15/2002: Standard support reply received from vendor
11/15/2002: Requested contact information from vendor
11/15/2002: Reply received from vendor with contact recommendations
11/15/2002: Advisory sent in accordance to vendors recommendations
11/21/2002: Vendor has verified the issue and is working on the solution
12/10/2002: Issue released to the public


About Texonet:
----------------------------------------------------------------------------
-
Texonet is a Swedish based security company with a focus on penetration
testing / security assessments, research and development.


Contacting Texonet:
----------------------------------------------------------------------------
-
E-mail: [email protected]
Homepage: http://www.texonet.com/
Phone: +46-8-55174611


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »