OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: UPDATE: DoS Attack in Eserv 2.92
From: Steve (steveSECURESOLUTIONS.ORG)
Date: Tue Sep 26 2000 - 10:51:21 CDT

I recieved this from the vendor this morning. Looks like they fixed up the
problem in their latest version.

Regards;

Steve Manzuik
Moderator - Win2K Security Advice

Security Analyst - Bindview RAZOR
http://razor.bindview.com

-------------------------------------------

-----Original Message-----
From: Andrey Cherezov [mailto:andreycherezov.koenig.su]
Sent: Tuesday, September 26, 2000 4:59 AM
To: 'Steve'
Cc: securityteamdelphisplc.com; alexenet.ru
Subject: RE: DoS Attack in Eserv 2.92
Importance: High

Hello!

I've tested these commands with the current Eserv/2.93 beta
(ftp://ftp.eserv.ru/pub/Eserv2999.zip - replacement for Eserv.exe from
Eserv/2.92)
and there no such problem - the mail was successfully delivered to the
postmaster mailbox, and there no crash.
Please try the Eserv2999, and if the problem persists - please mail me
details (dump of the crash, more info about your Eserv configuration).

Thank you, 

--
Andrey Cherezov

> -----Original Message-----
> From: Steve [mailto:stevesecuresolutions.org]
> Sent: Monday, September 25, 2000 5:13 PM
> To: infoeserv.ru
> Cc: securityeserv.ru; supporteserv.ru; buseserv.ru
> Subject: DoS Attack in Eserv 2.92
> Importance: High
>
>
> Just wanted to make sure you guys have read this.  It was
> made public by
> Delphis today.
>
> Regards;
>
>
> Steve Manzuik
> Moderator - Win2K Security Advice
>
> Security Analyst - Bindview RAZOR
> http://razor.bindview.com
>
> -------------------------------------------
>
> ==============================================================
> ==============
>                           Delphis Consulting Plc
> ==============================================================
> ==============
>
>                          Security Team Advisories
>                              [14/09/2000]
>
>                           securityteamdelphisplc.com
>                 [http://www.delphisplc.com/thinking/whitepapers/]
>
> ==============================================================
> ==============
> Adv     :       DST2K0030
> Title   :       DoS in EServ 2.92 Build 2982
> Author  :       DCIST (securityteamdelphisplc.com)
> O/S     :       Microsoft Windows NT 2000 Professional (SP1)
>                   Microsoft Windows NT 4 Server (SP5)
> Product :       EServ 2.92 Build 2982
> Date    :       12/09/2000
>
> I.    Description
>
> II.   Solution
>
> III.  Disclaimer
>
>
> ==============================================================
> ==============
>
> I. Description
> ==============================================================
> ==============
>
> Vendor URL: http://www.eserv.ru/
>
> Delphis Consulting Internet Security Team (DCIST) discovered
> the following
> vulnerabilities in EServ under Windows NT.
>
> Severity: medium
>
> It is possible to cause EServ Server to crash with an invalid read
> error. This is done by connecting to port 25 upon which the
> SMTP server
> listens on and sending the following.
>
> HELO (A x 8.4k)
> MAIL FROM: test(A x 8.4K).com
> RCPT TO: <localuser>
> DATA
> .
>
> Wait for between 30 seconds and 1.5 hours and the EServ
> service will crash
> with an Invalid read error. It should be pointed out that the
> server will
> sit at 99% CPU comsumption until the server does crash.
>
> II. Solution
> ==============================================================
> ==============
>
> Vendor Status: Informed
>
> Currently there is no know solution to this problem. Delphis Internet
> Security team would advise users of this product to perform one of two
> actions.
>
> a) Restrict the IP addresses which are able to connect to
> your machine by
>  the use of a Firewall, Router ACL or Microsoft TCP/IP
> advanced settings.
>
> b) Use another vendors STMP daemon as a temporary measure until this
>  has been resolved.
>
> Note: Delphis have attempted to contact the Vendor but to no
> avail, copies
> of this Advisory were sent to their support department on
> more than one
> occasion.
>
> III. Disclaimer
> ==============================================================
> ==============
> THE INFORMATION CONTAINED IN THIS ADVISORY IS BELIEVED TO BE
> ACCURATE AT
> THE TIME OF PRINTING, BUT NO REPRESENTATION OR WARRANTY IS
> GIVEN, EXPRESS OR
> IMPLIED, AS TO ITS ACCURACY OR COMPLETENESS.  NEITHER THE
> AUTHOR NOR THE
> PUBLISHER ACCEPTS ANY LIABILITY WHATSOEVER FOR ANY DIRECT, INDIRECT OR
> CONSEQUENTIAL LOSS OR DAMAGE ARISING IN ANY WAY FROM ANY USE
> OF, OR RELIANCE
> PLACED ON, THIS INFORMATION FOR ANY PURPOSE.
> ==============================================================
> ==============
> This e-mail and any files transmitted with it are intended
> solely for the
> addressee and are confidential. They may also be legally
> privileged.Copyright in them is reserved by Delphis Consulting PLC
> ["Delphis"] and they must not be disclosed to, or used by,
> anyone other than
> the addressee.If you have received this e-mail and any
> accompanying files in
> error, you may not copy, publish or use them in any way and you should
> delete them from your system and notify us immediately.E-mails are not
> secure.  Delphis does not accept responsibility for changes
> to e-mails that
> occur after they have been sent.  Any opinions expressed in
> this e-mail may
> be personal to the author and may not necessarily reflect the
> opinions of
> Delphis

_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net