The OpenNET Project
 


WARNING! SMTP Denial of Service in SLmail ver 3.1


Date: Tue, 22 Sep 1998 21:24:07 +0100
From: Mnemonix <mnemonix@GLOBALNET.CO.UK>
To: BUGTRAQ@netspace.org
Subject: WARNING! SMTP Denial of Service in SLmail ver 3.1

Dear All,

The SLMail's smtp service (slsmtp.exe) is susceptible to a denial of
service attack, whereby a remote attacker can telnet to port 25 and then
issue any of the following commands, which will set the slsmtp.exe process
running at 100%.

send (
vrfy (
expn (
mail from: (
rcpt to: (

slsmtp.exe obviously doesn't like left brackets.

After 30 mins without the high processor usage abating, I had to stop and
restart the service. While the process was in this state, although I could
telnet to port 25 and connect, I received no response from the smtp
service. This attack is more likely to occur than the POP3 DoS due to the
fact that if the mail server is accessible from the Internet then this can
be launched by anyone from anywhere.

As to a fix - I still haven't heard anything from Seattlelab about a patch.
I have tried tweaking the registry but can't find a workaround there. Any
ideas anyone?



Cheers,
Mnemonix
http://www.infowar.co.uk/mnemonix
http://www.diligence.co.uk
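
Added example, not part of the original post or of any vendor code: a log check that flags the five commands listed above when their argument carries a left bracket that is never closed. The log line layout ("client-ip raw-command"), the function names and the sample lines are assumptions made for illustration; it generalises from a bare "(" to any unclosed "(" outside double quotes.

```python
import re

# Commands named in the advisory; SMTP verbs are case-insensitive.
VERBS = re.compile(r"^\s*(send|vrfy|expn|mail\s+from:|rcpt\s+to:)\s*(.*)$", re.I)


def unbalanced_open_paren(arg: str) -> bool:
    """True if arg contains a '(' that is never closed (outside double quotes)."""
    depth = 0
    in_quotes = False
    escaped = False
    for ch in arg:
        if escaped:                      # character after a backslash is literal
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"' and depth == 0:   # quotes only toggle outside brackets
            in_quotes = not in_quotes
        elif not in_quotes:
            if ch == "(":
                depth += 1
            elif ch == ")" and depth > 0:
                depth -= 1
    return depth > 0


def flag_sessions(lines):
    """Return (client, verb, argument) for each suspicious command line."""
    hits = []
    for line in lines:
        # Assumed layout: '<client-ip> <raw SMTP command>'
        client, _, command = line.strip().partition(" ")
        m = VERBS.match(command)
        if m and unbalanced_open_paren(m.group(2)):
            verb = re.sub(r"\s+", " ", m.group(1)).upper()
            hits.append((client, verb, m.group(2)))
    return hits


# Constructed sample lines, not taken from a real server log.
SAMPLE = [
    "192.0.2.10 HELO client.example",
    "192.0.2.10 MAIL FROM: <alice@example.org>",
    "192.0.2.10 RCPT TO: <bob@example.org> (Bob)",
    "198.51.100.7 vrfy (",
    "198.51.100.7 mail from: (",
    '203.0.113.5 EXPN "list(" ',
]

if __name__ == "__main__":
    print(flag_sessions(SAMPLE))
```

The same predicate can sit in a filtering relay in front of the server so that such a command is rejected before slsmtp.exe sees it.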
