Forwarded from: Saso Virag <sviragat_private>

In message InfoSec News writes:
>http://news.com.com/2100-1001-928055.html?tag=fd_top
>
>By David Becker
>Staff Writer, CNET News.com
>May 29, 2002, 3:30 PM PT

> Malformed messages created using RFC 821 and 822, versions of the
> SMTP format commonly used by e-mail programs, can cause the CPU of
> the server receiving the message to run at 100 percent as it
> attempts to read the message.

Funnily enough, RFC 821 defines SMTP and RFC 822 defines how an e-mail
message must look. I wonder how e-mail servers would work if they
didn't conform to those two - now obsoleted by RFC 2822 and 2821 -
standards.

> The result would be a denial-of-service attack, with the affected
> server unable to do anything until it finishes processing the
> message.

This seems like a far bigger issue than Exchange not properly handling
malformed SMTP headers.

> "Once the process starts, you can't stop it," he said, adding that
> it could take a server anywhere from a few seconds to a few hours to
> process a message. "The key here is that once the system gets hold
> of that message, it's got to deal with it."

The key issue here is that a systems administrator can't manually
override the process and perhaps manually correct the problem. Badly
engineered software.

> The bulletin noted that creating such messages would require
> specialized knowledge and software, as common e-mail clients such as
> Outlook are incapable of creating RFC 821 or 822 content.

:-) Common mail clients MUST be capable of creating e-mail messages
conforming to RFC 821 and 822.

Specialized knowledge and software? Yes, you need to read the RFCs
mentioned above and grok them. You also need to have a telnet client.
Hardly specialized knowledge and software, is it? An RFC is a public
document and telnet clients come with _every_ MS OS after 1995 or so.

> "You'd have to be fairly sophisticated," Budd said. "This is not
> something where somebody opens an e-mail client, puts a few bad
> characters in a message, and sends it. It would basically require
> someone to know the language of SMTP."

Wooo. It takes spe-cia-li-zed knowledge. FUD at its best.

> Microsoft urged system administrators to promptly patch any Exchange
> 2000 servers.

Patch for this particular vulnerability? How about another patch
giving administrators means to manually take the wrench out of the
works before it completely destroys everything?

Cheers,
Saso