[ Denial of service? There is nothing like PR damage control. - a1 ] ---------- Forwarded message ---------- Date: Fri, 10 Jul 1998 22:54:07 GMT From: Lee Thompson <ltat_private> To: NTBUGTRAQat_private Subject: Seattle Lab fixes security issue in SLmail -- Beta release corrects denial of service problem -- BOTHELL, WA, July 10, 1998 -- Recently a security problem was discovered = with the release versions of both SLmail 3.0 for Windows NT and SLmail 2.6 for Windows 95.= =20 Specifically, the problem is a denial of service attack, which is usually= initiated from outside the mail server site. If the MAIL FROM: line in the SMTP = envelope exceeds 256 characters, it causes a critical error in SLmail's router and causes the = SLmail.exe service to shut down. "Security is an extremely important priority to us at Seattle Lab," said = President L.A. Heberlein. "As soon as we were notified yesterday, we focused intensely= on correcting the problem, and we achieved a fix within twenty-four hours of first = hearing about it." The fix was incorporated in beta versions of SLmail 3.1 and SLmail 2.7. = Customers who would like to receive the beta versions should contact = betaadminat_private Please put the product serial number in the subject line. We will post the = release versions of these programs to our download site as soon as testing is completed. _ Lee Thompson ltat_private Seattle Lab Inc. http://www.seattlelab.com Product Manager
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:03:25 PDT