---------- Forwarded message ---------- Date: 22 Sep 1998 02:27:04 -0000 From: announce-outgoingat_private Cc: recipient list not shown: ; Subject: [rootshell] Security Bulletin #24 www.rootshell.com Security Bulletin #24 September 21st, 1998 [ http://www.rootshell.com/ ] ---------------------------------------------------------------------- To unsubscribe from this mailing list send e-mail to majordomoat_private with "unsubscribe announce" in the BODY of the message. Send submissions to infoat_private Messages sent will not be sent to other members on this list unless it is featured in a security bulletin. An archive of this list is available at : http://www.rootshell.com/mailinglist-archive ---------------------------------------------------------------------- 01. DoS attack in the latest version of SLMail (3.1) ---------------------------------------------------- >From mnemonixat_private Mon Sep 21 18:56:12 1998 Date: Tue, 22 Sep 1998 02:11:32 +0100 From: Mnemonix <mnemonixat_private> To: submissionat_private Subject: DoS attack in the latest version of SLMail (3.1) Dear All, The latest version of SLMail is susceptible to a denial of service attack whereby if the encrypted password of the user account is the default 24 characters in length plus another 177 charcters (making 201 characters all in all) and the user, whose account it is, attempts to authenticate to the POP3 service (slmail.exe) the process dies needing an administrator to restart the service. When the slmail.exe process is studied in NTRegMon you can see what's happening: The USER command causes a spill when slmail.exe checks the registry for the user account's existence but it is only after it checks a second time, after the PASS command, that the process actually dies. The previous issue I had with earlier version whereby the Everyone group has "set value" permissions to the relevant registry keys still applies. It makes you wonder if any other NT services may be susceptible to a similar problem. Cheers, Mnemonix http://www.infowar.co.uk/mnemonix http://www.diligence.co.uk ---------------------------------------------------------------------- To unsubscribe from this mailing list send e-mail to majordomoat_private with "unsubscribe announce" in the BODY of the message. Send submissions to infoat_private Messages sent will not be sent to other members on this list unless it is featured in a security bulletin. An archive of this list is available at : http://www.rootshell.com/mailinglist-archive ----------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:17:18 PDT