VID 18023
Severity 30
Port 25
Protocol TCP
Class SMTP
Detailed Description The SLmail mail server contains a buffer overflow that could be used to launch a denial of service attack. SLmail is a commercial SMTP server for Windows 95 and Windows NT systems.
SLmail version 3.1 mishandles a HELO command followed by 855 to 2041 characters, which could allow a remote attacker to make the service consume all the processor resources on the server or simply crash. The vulnerability has been confirmed in version 3.1 and is believed to affect previous versions.

* Warning: The buffer overflow test may crash the mail server. If it does, the service must be restarted to regain normal functionality.

* References:
http://www.iss.net/security_center/static/1720.php
http://www.eeye.com/html/Research/Advisories/AD19990204.html
Recommendation Upgrade to the latest version of SLmail (5.0 or later), available from the Seattle Lab Web site, http://www.seattlelab.com/SLmail/
Related URL CVE-1999-0284 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)