Bugtraq mailing list archives
Re: SLMail 2.6 DoS - Imail also
From: mark.symons () za eds com (Mark Symons)
Date: Tue, 17 Mar 1998 22:28:12 +0200
There have recently been a couple of messages concerning DoS attacks on NT-based SLMail and IMail SMTP servers. At the end of January, a similar report was made concerning IMail's POP3 server. Jon[SMTP:steven () EFNI COM] wrote:
A long string of text after a command makes the program (SLMail) crash.
(Snip)
It will stay unresponsive until manually restarted.
(Snip)
Out of boredom, I tried another smtp daemon for Windows, IMail (I tried 4.03) by IPSwitch (www.ipswitch.com). Which crashed the same way. Pretty strange, I've only tried two windowsNT smtp daemons, and both crashed the same way...
I cannot comment on SLMail, but John Junod (author of IMail) says the following: # That "bug" by the way, doesn't cause IMail any problems. # It only causes the "hacker" a problem since IMail won't # release the connection and won't accept any more input # from them until they drop the connection and reconnect. # It does not affect any other sessions to the SMTP server. # The session does drop cleanly freeing all resources as # designed either when the "hacker" breaks the connection # or when the timeout occurs, whichever occurs first. Mark Symons EDS Africa mark.symons () za eds com
Current thread:
- Re: SLMail 2.6 DoS - Imail also Mark Symons (Mar 17)