OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: DST2K0007: Buffer Overrun in ITHouse Mail Server v1.04
From: Security Team (securityteamDELPHISPLC.COM)
Date: Thu Jun 01 2000 - 02:43:38 CDT


> ==========================================================================
> ======
> Delphis Consulting Plc
> ==========================================================================
> ======
>
> Security Team Advisories
> [30/05/2000]
>
>
> securityteamdelphisplc.com
> [http://www.delphisplc.com/thinking/whitepapers/]
>
> ==========================================================================
> ======
> Adv : DST2K0007
> Title : Buffer Overrun in ITHouse Mail Server v1.04
> Author : DCIST (securityteamdelphisplc.com)
> O/S : Microsoft Windows NT v4.0 Workstation (SP6)
> Product : ITHouse Mail Server v1.04
> Date : 30/05/2000
>
> I. Description
>
> II. Solution
>
> III. Disclaimer
>
>
> ==========================================================================
> ======
>
>
> I. Description
> ==========================================================================
> ======
>
>
> Delphis Consulting Internet Security Team (DCIST) discovered the following
> vulnerability in the ITHouse Mail Server under Windows NT.
>
> Sending an email via SMTP to an IT House Mail Server with a recipient's
> name in
> excess of 2270 bytes causes the IT House Mail Server to buffer overrun
> overwriting
> the EIP (2270 + EIP). This could allow an attacker to execute arbitrary
> code on the
> the server.
>
> Example:
> HELO example.org
> MAIL FROM:exampleexample.org
> RCPT TO:<A x 2270> + EIP
> DATA
>
> .
> QUIT
>
> Wait for the mail delivery routine to start at which point the server will
> crash
> executing the arbitrary code.
>
>
> II. Solution
> ==========================================================================
> ======
>
> Vendor Status: Informed
>
> Currently there is no known solution to this problem.
>
>
> III. Disclaimer
> ==========================================================================
> ======
> THE INFORMATION CONTAINED IN THIS ADVISORY IS BELIEVED TO BE ACCURATE AT
> THE TIME OF PRINTING, BUT NO REPRESENTATION OR WARRANTY IS GIVEN, EXPRESS
> OR
> IMPLIED, AS TO ITS ACCURACY OR COMPLETENESS. NEITHER THE AUTHOR NOR THE
> PUBLISHER ACCEPTS ANY LIABILITY WHATSOEVER FOR ANY DIRECT, INDIRECT OR
> CONSEQUENTIAL LOSS OR DAMAGE ARISING IN ANY WAY FROM ANY USE OF, OR
> RELIANCE
> PLACED ON, THIS INFORMATION FOR ANY PURPOSE.
> ==========================================================================
> ======

_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net