Home page logo
/

bugtraq logo Bugtraq mailing list archives

RE: Nortan Antivirus 2000 Poproxy.exe problem
From: Franklin DeMatto <franklin () qDefense com>
Date: Fri, 25 May 2001 1:2:39 -0600

This was a known problem, already publicised in 1999.

Symantec fixed it, and also had POPROXY.EXE bind
to 127 so as to only accept connections from localhost.

See http://www.securityfocus.com/bid/877

Franklin DeMatto
franklin () qDefense com
qDefense - DEFENDING THE ELECTRONIC FRONTIER

-----
qDefense offers a wide variety of services at affordable prices
See http://qDefense.com/Services/services.html


Original messages:

Poproxy.exe is the email virus scanner included in Nortan Antivirus 2000... 
While messing around with this i crashed the server by sending it 
too many characters (269 or more). 


Example: 
perl -e '{print "A"x269}' |nc 10.0.2.1 110 
where 10.0.2.1 is the windows machine running poproxy.exe 


Can anyone else confirm this? 


Hi! I am having difficulty confirming this for two reasons. Perhaps I am 
doing something wrong. I am running Norton Antivirus 2000 with poproxy.exe 
on MS Outlook 2000. 
poproxy.exe SEEMS to only bind to localhost (127.0.0.1) instead of my IP on 
the network (192.168.0.24). If I try to telnet to port 110 from another 
Windows machine, it cannot connect. If I try to telnet to 127.0.0.1 from my 
own machine, it connects fine. Once I did connect to it from localhost, I 
sent 269+ chars to it and only received back "-ERR". I did not experience a 
crash. 


Again, perhaps I'm doing something wrong. 




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]