AppleShare IP Mail Server

chrisCYBERNET.CO.NZ

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: David Luyer: "Re: AppleShare IP Mail Server"
• Previous message: Glenn F. Maynard: "QW vulnerability"
• Next in thread: David Luyer: "Re: AppleShare IP Mail Server"

[Yet another buffer overrun? - I hope this isn't getting monotonous]

I noticed this a while back but haven't seen any else mention it.


There appears to be what looks like a buffer overrun problem with AppleShare
IP Mail Server.

If you connect to the SMTP port and issue a long string (say 500 bytes or
so) the server crashes - and because its a Mac, it usually crashed the whole
machine to the point where it needs a reboot.

So far I've only tested against servers which emit the banner 'AppleShare IP
Mail Server 5.0.3'

For example:


$ telnet some.where
Trying 1.2.3.4...
Connected to some.where.
Escape character is '^]'.
220 some.where AppleShare IP Mail Server 5.0.3 SMTP Server Ready
HELO XXXXXXXXXXX[....several hundered of these....]XXXXXXXX
[ and it just hangs ]

$ ping some.where
[ ...nothing... ]


Physically checking the machine shows it has `locked up' and it a reboot. I
assume if you can cause a crash without the lockup then you might be able to
execute code and so something useful (on a Mac?).




-cw

• Next message: David Luyer: "Re: AppleShare IP Mail Server"
• Previous message: Glenn F. Maynard: "QW vulnerability"
• Next in thread: David Luyer: "Re: AppleShare IP Mail Server"