CVE-1999-1033
CVSS5.0
发布时间 :1999-05-11 00:00:00
修订时间 :2016-10-17 22:00:29
NMCOES    

[原文]Microsoft Outlook Express before 4.72.3612.1700 allows a malicious user to send a message that contains a .., which can inadvertently cause Outlook to re-enter POP3 command mode and cause the POP3 session to hang.


[CNNVD]Outlook Express POP拒绝服务漏洞(CNNVD-199905-024)

        Microsoft Outlook Express 4.72.3612.1700之前的版本存在漏洞。恶意用户利用该漏洞发送一个包含..的消息可无意中导致Outlook重新进入POP3命令模式并且导致POP3会话挂起。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:microsoft:outlook_express:4.27.3110.1
cpe:/a:microsoft:outlook_express:4.72.3120.0Microsoft outlook_express 4.72.3120
cpe:/a:microsoft:outlook_express:4.72.3612.1700Microsoft outlook_express 4.72.3612.1700

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1033
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-1033
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-199905-024
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=92647407427342&w=2
(UNKNOWN)  BUGTRAQ  19990511 Outlook Express Win98 bug
http://marc.info/?l=bugtraq&m=92663402004275&w=2
(UNKNOWN)  BUGTRAQ  19990512 Outlook Express Win98 bug, addition.
http://www.securityfocus.com/bid/252
(VENDOR_ADVISORY)  BID  252

- 漏洞信息

Outlook Express POP拒绝服务漏洞
中危 其他
1999-05-11 00:00:00 2005-10-20 00:00:00
远程  
        Microsoft Outlook Express 4.72.3612.1700之前的版本存在漏洞。恶意用户利用该漏洞发送一个包含..的消息可无意中导致Outlook重新进入POP3命令模式并且导致POP3会话挂起。

- 公告与补丁

        You must remove the message using some other POP3 email program or remove it manually at the server.

- 漏洞信息 (19207)

Microsoft Outlook Express 4.27.3110/4.72.3120 POP Denial of Service Vulnerability (EDBID:19207)
windows dos
1999-05-11 Verified
0 Miquel van Smoorenburg
N/A [点击下载]
source: http://www.securityfocus.com/bid/252/info

A vulnerability in Outlook Express allows a malicious message sent to the users mailbox to halt POP mail download. The Microsoft tracking number of this issue is S2134 T6142.

A line with a single dot ('.') stands for EOM (end of message) in the POP3 mail transport protocol. If a message contains a single dot in a line is must be escaped by added an extra dot. However if at the IP level a line containing two such dots falls at a packet boundary such as the one dot is at the end of one packet and the other dot is at the end of the next packet Outlook Express will interpret the dot in the second packet as the EOM marker. This result in Outlook Express switching back to POP3 command mode and interpreting the rest of the message as a POP3 response. This normally result in an error message or the hanging of the session. The message will not be removed from the server and any further attempts will meet with the same result. 

Include a few thousand lines like this in an email and the bug will trigger:

So
.
this
.
might
.
actually
.
cause
.
the
. 		

- 漏洞信息

11415
Microsoft Outlook Express Forced POP3 Command Mode DoS
Context Dependent Denial of Service
Loss of Availability
Exploit Public

- 漏洞描述

Unknown or Incomplete

- 时间线

1999-05-11 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Outlook Express POP Denial of Service Vulnerability
Failure to Handle Exceptional Conditions 252
Yes No
1999-05-11 12:00:00 2009-07-11 12:16:00
This vulnerability was published in the BUGTRAQ mailing list by Miquel van Smoorenburg <miquels@cistron.nl>.

- 受影响的程序版本

Microsoft Outlook Express 4.72.3120
Microsoft Outlook Express 4.27.3110
Microsoft Outlook Express 4.72.3612

- 不受影响的程序版本

Microsoft Outlook Express 4.72.3612

- 漏洞讨论

A vulnerability in Outlook Express allows a malicious message sent to the users mailbox to halt POP mail download. The Microsoft tracking number of this issue is S2134 T6142.

A line with a single dot ('.') stands for EOM (end of message) in the POP3 mail transport protocol. If a message contains a single dot in a line is must be escaped by added an extra dot. However if at the IP level a line containing two such dots falls at a packet boundary such as the one dot is at the end of one packet and the other dot is at the end of the next packet Outlook Express will interpret the dot in the second packet as the EOM marker. This result in Outlook Express switching back to POP3 command mode and interpreting the rest of the message as a POP3 response. This normally result in an error message or the hanging of the session. The message will not be removed from the server and any further attempts will meet with the same result.

- 漏洞利用

Include a few thousand lines like this in an email and the bug will trigger:

So
.
this
.
might
.
actually
.
cause
.
the
.

- 解决方案

You must remove the message using some other POP3 email program or remove it manually at the server.

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站