Neohapsis Archives - Win2k Security Advice - DST2K0007: Buffer Overrun in ITHouse Mail Server v1.04

LOCATION: Neohapsis / Archives / Win2k Security Advice / Message Index / DST2K0007: Buffer Overrun in ITHouse Mail Server v1.04
Subject: DST2K0007: Buffer Overrun in ITHouse Mail Server v1.04 From: Security Team (securityteam@DELPHISPLC.COM) Date: Thu Jun 01 2000 - 02:43:38 CDT Next message: Ussr Labs: "Re: Buffer Overflows with long file extensions in Windows" Previous message: Security Team: "DST2K0006: Denial of Service Possibility in Imate WebMail Server v2.5" Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] > ========================================================================== > ====== > Delphis Consulting Plc > ========================================================================== > ====== > > Security Team Advisories > [30/05/2000] > > > securityteam@delphisplc.com > [http://www.delphisplc.com/thinking/whitepapers/] > > ========================================================================== > ====== > Adv : DST2K0007 > Title : Buffer Overrun in ITHouse Mail Server v1.04 > Author : DCIST (securityteam@delphisplc.com) > O/S : Microsoft Windows NT v4.0 Workstation (SP6) > Product : ITHouse Mail Server v1.04 > Date : 30/05/2000 > > I. Description > > II. Solution > > III. Disclaimer > > > ========================================================================== > ====== > > > I. Description > ========================================================================== > ====== > > > Delphis Consulting Internet Security Team (DCIST) discovered the following > vulnerability in the ITHouse Mail Server under Windows NT. > > Sending an email via SMTP to an IT House Mail Server with a recipient's > name in > excess of 2270 bytes causes the IT House Mail Server to buffer overrun > overwriting > the EIP (2270 + EIP). This could allow an attacker to execute arbitrary > code on the > the server. > > Example: > HELO example.org > MAIL FROM:example@example.org > RCPT TO:<A x 2270> + EIP > DATA > > . > QUIT > > Wait for the mail delivery routine to start at which point the server will > crash > executing the arbitrary code. > > > II. Solution > ========================================================================== > ====== > > Vendor Status: Informed > > Currently there is no known solution to this problem. > > > III. Disclaimer > ========================================================================== > ====== > THE INFORMATION CONTAINED IN THIS ADVISORY IS BELIEVED TO BE ACCURATE AT > THE TIME OF PRINTING, BUT NO REPRESENTATION OR WARRANTY IS GIVEN, EXPRESS > OR > IMPLIED, AS TO ITS ACCURACY OR COMPLETENESS. NEITHER THE AUTHOR NOR THE > PUBLISHER ACCEPTS ANY LIABILITY WHATSOEVER FOR ANY DIRECT, INDIRECT OR > CONSEQUENTIAL LOSS OR DAMAGE ARISING IN ANY WAY FROM ANY USE OF, OR > RELIANCE > PLACED ON, THIS INFORMATION FOR ANY PURPOSE. > ========================================================================== > ====== _____________________________________________________________________ TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice" FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST" SEND ALL COMMANDS TO: listserv@listserv.ntsecurity.net Next message: Ussr Labs: "Re: Buffer Overflows with long file extensions in Windows" Previous message: Security Team: "DST2K0006: Denial of Service Possibility in Imate WebMail Server v2.5" Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Portions of this site are copyright© 1998-2000, Neohapsis, Inc. Questions, comments or feedback, send E-mail to webmaster@neohapsis.com