Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_3

Bugtraq archives for 3rd quarter (Jul-Sep) 1998: [rootshell] Security Bulletin #24 (fwd)

[rootshell] Security Bulletin #24 (fwd)

Xavier Beaudouin (kiwiOAV.NET)
Tue, 22 Sep 1998 14:10:53 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Mnemonix: "WARNING! SMTP Denial of Service in SLmail ver 3.1"
Previous message: Martin Cracauer: "Re: FreeBSD VM gremlin"

---------- Forwarded message ----------
Date: 22 Sep 1998 02:27:04 -0000
From: announce-outgoingrootshell.com
Cc: recipient list not shown:  ;
Subject: [rootshell] Security Bulletin #24

www.rootshell.com
Security Bulletin #24
September 21st, 1998

[ http://www.rootshell.com/ ]

----------------------------------------------------------------------

To unsubscribe from this mailing list send e-mail to majordomorootshell.com
with "unsubscribe announce" in the BODY of the message.

Send submissions to inforootshell.com.  Messages sent will not be sent to
other members on this list unless it is featured in a security bulletin.

An archive of this list is available at :
http://www.rootshell.com/mailinglist-archive

----------------------------------------------------------------------

01. DoS attack in the latest version of SLMail (3.1)
----------------------------------------------------

>From mnemonixglobalnet.co.uk Mon Sep 21 18:56:12 1998
Date: Tue, 22 Sep 1998 02:11:32 +0100
From: Mnemonix <mnemonixglobalnet.co.uk>
To: submissionrootshell.com
Subject: DoS attack in the latest version of SLMail (3.1)

Dear All,

The latest version of SLMail is susceptible to a denial of service attack
whereby if the encrypted password of the user account is the default 24
characters in length plus another 177 charcters (making 201 characters all
in all) and the user, whose account it is, attempts to authenticate to the
POP3 service (slmail.exe) the process dies needing an administrator to
restart the service. When the slmail.exe process is studied in NTRegMon you
can see what's happening:

The USER command causes a spill when slmail.exe checks the registry for the
user account's existence but it is only after it checks a second time,
after the PASS command,  that the process actually dies.

The previous issue I had with earlier version whereby the Everyone group
has "set value" permissions to the relevant registry keys still applies.

It makes you wonder if any other NT services may be susceptible to a
similar problem.

Cheers,
Mnemonix

http://www.infowar.co.uk/mnemonix
http://www.diligence.co.uk

----------------------------------------------------------------------

To unsubscribe from this mailing list send e-mail to majordomorootshell.com
with "unsubscribe announce" in the BODY of the message.

Send submissions to inforootshell.com.  Messages sent will not be sent to
other members on this list unless it is featured in a security bulletin.

An archive of this list is available at :
http://www.rootshell.com/mailinglist-archive

----------------------------------------------------------------------

Next message: Mnemonix: "WARNING! SMTP Denial of Service in SLmail ver 3.1"
Previous message: Martin Cracauer: "Re: FreeBSD VM gremlin"