| VID | 18009 |
| Severity | 40 |
| Port | 25 |
| Protocol | TCP |
| Class | SMTP |
| Detailed Description |
The SMTP mail server contains a buffer overflow that could be used to launch a denial of service attack or execute arbitrary code via a long HELO command. Several freeware, shareware, and commercial SMTP servers contain buffer overflows. Different SMTP commands can cause the SMTP server to crash or to execute arbitrary byte-code that could lead to a system compromise. For example, the Seattle Lab SLMail SMTP server software contains overflows in the VRFY and EXPN commands. AppleShare, Stalker, and Mercury SMTP servers contain overflows in the HELO command as well. Other lesser-known SMTP servers may also contain overflows.
* Warning: The mail server may crash during a buffer overflow test. If it does, the service must be restarted to regain normal functionality.
Manually test for this vulnerability by connecting to port 25 on your computer and sending the appropriate command (HELO, VRFY, or EXPN), followed by at least 1024 X's. If the SMTP server returns an OK or an error message, then you are not vulnerable. If your connection closes immediately, then the system is most likely vulnerable.
* References: http://www.iss.net/security_center/static/886.php http://online.securityfocus.com/archive/1/8748 |
| Recommendation |
If the system is vulnerable, then it may have already been compromised. If the attack was a denial of service attack, restart the SMTP server. Watch for further attacks from the source address. Contact the vendor of the SMTP server for a patch.
For more details, refer to the following sites:
BugTraq Mailing List, Wed Mar 11 1998 17:44:56, "SLMail 2.6 DoS" at http://www.securityfocus.com/archive/1/8748
BugTraq Mailing List, Wed Apr 08 1998 04:10:25, "smtp overflows" at http://www.securityfocus.com/archive/1/8947
BugTraq Mailing List, Wed Apr 08 1998 13:34:09, "Re: AppleShare IP Mail Server" at http://www.securityfocus.com/archive/1/8951
BugTraq Mailing List, Wed Apr 08 1998 18:11:17, "AppleShare IP Mail Server" at http://www.securityfocus.com/archive/1/8952
Seattle Labs, Inc. Web site, "SLmail Overview" at http://www.seattlelabs.com/slmail/ |
| Related URL |
CVE-1999-0531 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
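On the detection side, the condition this entry describes (an oversized HELO, VRFY, or EXPN line) can be flagged in captured client-to-server SMTP traffic. The sketch below is an added example, not part of the original entry or of any vendor's tooling. It assumes the 512-octet command-line limit from RFC 5321, treats everything between a client `DATA` line and the terminating `.` as message body, and uses hypothetical function and field names with a constructed sample capture.

```python
# Added example: flag oversized HELO/VRFY/EXPN lines in the client side of an SMTP session.
MAX_COMMAND_LINE = 512                       # RFC 5321 limit, CRLF included
WATCHED_VERBS = {b"HELO", b"VRFY", b"EXPN"}  # verbs named in this entry


def find_oversized_commands(client_stream, limit=MAX_COMMAND_LINE):
    """Return one finding per watched command line longer than `limit` octets."""
    findings, in_data = [], False
    for number, raw in enumerate(client_stream.split(b"\n"), start=1):
        line = raw.rstrip(b"\r")
        if in_data:
            # Message body: text that looks like a command is not a command here.
            in_data = line != b"."
            continue
        verb, _, arg = line.partition(b" ")
        verb = verb.upper()
        if verb == b"DATA":
            # Assumption: the server accepted DATA (only the client side is visible).
            in_data = True
        elif verb in WATCHED_VERBS and len(line) + 2 > limit:
            findings.append({
                "line": number,
                "verb": verb.decode("ascii"),
                "octets": len(line) + 2,        # counted as if CRLF-terminated
                "filler": len(set(arg)) == 1,   # one repeated byte, e.g. a run of X's
            })
    return findings


# Constructed sample capture (not real traffic).
SAMPLE = b"".join([
    b"HELO mail.example.org\r\n",
    b"MAIL FROM:<a@example.org>\r\n",
    b"RCPT TO:<b@example.net>\r\n",
    b"DATA\r\n",
    b"HELO " + b"X" * 600 + b"\r\n",   # body text, must not be flagged
    b".\r\n",
    b"VRFY " + b"X" * 1024 + b"\r\n",  # oversized command line
    b"QUIT\r\n",
])

if __name__ == "__main__":
    for finding in find_oversized_commands(SAMPLE):
        print(finding)
```

A finding with `filler` set matches the padded-argument pattern from the manual test above; a session that ends right after such a line is worth correlating with mail service restarts.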