Norton AntiVirus POP3 Proxy buffer overflow
| nav-pop-user (3807) |  Medium Risk |
Description:
Norton AntiVirus 2000 has a POP3 proxy service (POProxy), which allows local clients to connect to Norton AntiVirus to scan for viruses before email attachments arrive in the users' mailbox. The POP3 proxy is vulnerable to a denial of service, caused by a buffer overflow in the USER command. A remote attacker can send a username containing more than 264 characters to the USER command to overflow the buffer and crash the proxy service.
Consequences:
Remedy:
Apply all of the latest program and definition updates, using the LiveUpdate, available from Symantec Service and Support. See References.
References:
- BugTraq Mailing List, Fri Dec 17 1999 - 10:34:07 CST: NAV2000 Email Protection DoS.
- BugTraq Mailing List, Mon Dec 20 1999 - 09:08:44 CST: Norton Email Protection Remote Overflow (Addendum).
- BugTraq Mailing List, Thu May 24 2001 - 06:59:25 CDT: Nortan Antivirus 2000 Poproxy.exe problem.
- Symantec Service and Support Web site: How to run LiveUpdate.
- w00w00 Security Development advisory w00giving '99 #11: [w00giving '99 #11] Norton Antivirus' POProxy.
- BID-2766: Norton Anti-Virus 2000 POProxy.exe Buffer Overflow Vulnerability
- BID-877: Norton Antivirus 2000 POProxy USER Vulnerability
- CVE-1999-1004: Buffer overflow in the POP server POProxy for the Norton Anti-Virus protection NAV2000 program via a large USER command.
- OSVDB ID: 6267: Symantec Norton Anti-Virus NAV2000 POProxy USER Overflow
Platforms Affected:
- Microsoft Windows 2003 Server
- Symantec Norton AntiVirus 2000
Reported:
Dec 30, 1999
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net