Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Subject: Netwin's Dmail package
From: Eric Andry (ericWINCOM.NET)
Date: Thu Jun 01 2000 - 12:43:09 CDT
- Next message: H D Moore: "Re: IBM HTTP SERVER / APACHE (DoS)"
- Previous message: Marc: "RELEASED: LibnetNT by eEye Digital Security"
- Next in thread: noir: "Re: Netwin's Dmail package"
- Reply: noir: "Re: Netwin's Dmail package"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I've been sitting on this for a while, but dsmtp ( Part of
the dmail package by NetWin, http://www.netwinsite.com ) has
a buffer overflow in the ETRN command, causing the server to
crash and dump core. I've contacted NetWin and they are
working on the problem, but 3 new Betas have been released
since and still the problem isn't fixed, so I figure I might
as well put it up.
NotNow>telnet localhost 25
Connected to localhost.
Escape character is '^]'.
220 myhost.mydomain DSMTP ESMTP Server v2.8g
250-myhost.mydomain. Hello "" (127.0.0.1)
Connection closed by foreign host.
NotNow>ls -la core
-rw------- 1 root root 1961984 Jun 1 13:42 core
A little over 260 A's would cauase the crash. I don't know
if someone wants to attempt a remote root exploit, but I'd
be interested to see it as I haven't been successful yet.
(Not exactly the most experienced coder in the world..
Skills just better then a rock.. But at least I'll admit
it). But this is at least a stupid little DoS.