[rootshell] Security Bulletin #24 (fwd)

From: Xavier Beaudouin (kiwiat_private)
Date: Tue Sep 22 1998 - 05:10:53 PDT

Next message: Mnemonix: "WARNING! SMTP Denial of Service in SLmail ver 3.1"

Previous message: Tobias Richter: "hylafax security hole in faxcron, xferstats and recvstats"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---------- Forwarded message ----------
Date: 22 Sep 1998 02:27:04 -0000
From: announce-outgoingat_private
Cc: recipient list not shown:  ;
Subject: [rootshell] Security Bulletin #24

www.rootshell.com
Security Bulletin #24
September 21st, 1998

[ http://www.rootshell.com/ ]

----------------------------------------------------------------------

To unsubscribe from this mailing list send e-mail to majordomoat_private
with "unsubscribe announce" in the BODY of the message.

Send submissions to infoat_private  Messages sent will not be sent to
other members on this list unless it is featured in a security bulletin.

An archive of this list is available at :
http://www.rootshell.com/mailinglist-archive

----------------------------------------------------------------------

01. DoS attack in the latest version of SLMail (3.1)
----------------------------------------------------

>From mnemonixat_private Mon Sep 21 18:56:12 1998
Date: Tue, 22 Sep 1998 02:11:32 +0100
From: Mnemonix <mnemonixat_private>
To: submissionat_private
Subject: DoS attack in the latest version of SLMail (3.1)

Dear All,

The latest version of SLMail is susceptible to a denial of service attack
whereby if the encrypted password of the user account is the default 24
characters in length plus another 177 charcters (making 201 characters all
in all) and the user, whose account it is, attempts to authenticate to the
POP3 service (slmail.exe) the process dies needing an administrator to
restart the service. When the slmail.exe process is studied in NTRegMon you
can see what's happening:

The USER command causes a spill when slmail.exe checks the registry for the
user account's existence but it is only after it checks a second time,
after the PASS command,  that the process actually dies.

The previous issue I had with earlier version whereby the Everyone group
has "set value" permissions to the relevant registry keys still applies.

It makes you wonder if any other NT services may be susceptible to a
similar problem.

Cheers,
Mnemonix

http://www.infowar.co.uk/mnemonix
http://www.diligence.co.uk

----------------------------------------------------------------------

To unsubscribe from this mailing list send e-mail to majordomoat_private
with "unsubscribe announce" in the BODY of the message.

Send submissions to infoat_private  Messages sent will not be sent to
other members on this list unless it is featured in a security bulletin.

An archive of this list is available at :
http://www.rootshell.com/mailinglist-archive

----------------------------------------------------------------------

Next message: Mnemonix: "WARNING! SMTP Denial of Service in SLmail ver 3.1"
Previous message: Tobias Richter: "hylafax security hole in faxcron, xferstats and recvstats"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:17:18 PDT