Subject: DoS in FirstClass Internet Services 5.770
From: Adam Prime (adam.primeUTORONTO.CA)
Date: Tue Jun 27 2000 - 21:35:21 CDT


We got a bizarre malformed mail from some dot com that hasn't learned about
BCC yet with a 1.4 meg To: Header. The mail was handled fine by
Software.com's Post.Office, but when Post.Office tried to pass the mail to
our FirstClass server, the First Class Internet Services process would
hang. I wrote a perl script to send other emails with gigantic headers,
but I was unable to reproduce the problem with just large headers (though
it did bring the system to a crawl, and eventually cause strange things to
happen). The original email puts the Internet Services process into "Not
responding" after only 30 seconds or so.

A demonstration perl script which will crash FCIS Internet Services is
available at http://doot.dyndns.org/fcdos.tar.gz . Though be warned, it is
100 k or so because it contains a sanitized version of the original email
that we received (addresses obfuscated). Emails to the vendor were not
returned or acknowledged.

Adam
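As an added defensive example (not part of Adam's post, the fcdos script, or the FirstClass product), the check below is what a relay such as the Post.Office stage above could run before handing a message to a fragile backend: it re-joins folded header fields and measures them, because a 1.4 MB To: header folded onto thousands of short lines passes any per-line limit. The byte caps and the sample message are assumptions constructed for this example.

```python
import re
from typing import Dict, List, Tuple

MAX_FIELD_BYTES = 64 * 1024     # assumed policy: cap for one unfolded header field
MAX_HEADER_BYTES = 256 * 1024   # assumed policy: cap for the whole header block

def parse_header_fields(raw: bytes) -> List[Tuple[str, bytes]]:
    """Split the header block (everything before the first blank line) into
    (name, value) pairs, re-joining RFC 5322 folded continuation lines."""
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    fields: List[Tuple[str, bytes]] = []
    for line in re.split(rb"\r?\n", head):
        if line[:1] in (b" ", b"\t") and fields:
            name, value = fields[-1]          # continuation of the previous field
            fields[-1] = (name, value + b"\n" + line)
        else:
            name, _, value = line.partition(b":")
            fields.append((name.decode("ascii", "replace").strip().lower(), value))
    return fields

def longest_line(raw: bytes) -> int:
    """Naive per-line maximum: a folded multi-megabyte field never trips this."""
    return max(len(line) for line in re.split(rb"\r?\n", raw))

def check_header_limits(raw: bytes) -> Dict[str, int]:
    """Return offending fields as {name: unfolded_bytes}; a 'total' key is added
    when the whole header block exceeds MAX_HEADER_BYTES. Empty dict means OK."""
    fields = parse_header_fields(raw)
    verdict: Dict[str, int] = {}
    for name, value in fields:
        if len(value) > MAX_FIELD_BYTES:
            verdict[name] = max(verdict.get(name, 0), len(value))
    total = sum(len(n) + len(v) for n, v in fields)
    if total > MAX_HEADER_BYTES:
        verdict["total"] = total
    return verdict

# Constructed sample: a To: header folded onto thousands of short lines, the
# shape a sender that "hasn't learned about BCC" produces (addresses invented).
BIG_TO = b",\r\n ".join(b"user%05d@example.invalid" % i for i in range(6000))
OVERSIZED_MSG = (b"From: sender@example.invalid\r\nTo: " + BIG_TO +
                 b"\r\nSubject: hi\r\n\r\nbody\r\n")
NORMAL_MSG = (b"From: a@example.invalid\r\nTo: b@example.invalid,\r\n"
              b" c@example.invalid\r\nSubject: hi\r\n\r\nbody\r\n")

if __name__ == "__main__":
    print("longest single line:", longest_line(OVERSIZED_MSG))   # small; passes a per-line check
    print("verdict:", check_header_limits(OVERSIZED_MSG))        # flags the unfolded To: field
```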