Date: Tue, 22 Sep 1998 21:02:46 GMT
From: Seattle Lab Technical Support <slmail@SEATTLELAB.COM>
To: BUGTRAQ@netspace.org
Subject: Re: WARNING! SMTP Denial of Service in SLmail ver 3.1
This bug has been noted and is currently being worked on by the
Seattle Lab software engineers. Seattle Lab expects to have a fix
available soon.
Regards,
Steve Hord URL http://www.seattlelab.com
Documentation Ordering (425) 402-6003
Seattle Lab Inc. Support (425) 481-7619
Bothell, WA (USA) Fax (425) 486-2766
On 9/22/98 13:28:00 you wrote:
Dear All,
The SLMail's smtp service (slsmtp.exe) is susceptible to a denial of
service attack, whereby a remote attacker can telnet to port 25 and
then
issue any of the following commands, which will set the slsmtp.exe
process
running at 100%.
send (
vrfy (
expn (
mail from: (
rcpt to: (
slsmtp.exe obviously doesn't like left brackets.
After 30 mins without the high processor usage abating, I had to stop
and
restart the service. While the process was in this state, although I
could
telnet to port 25 and connect, I received no response from the smtp
service. This attack is more likely to occur than the POP3 DoS due to
the
fact that if the mail server is accessible from the Internet then this
can
be launched by anyone from anywhere.
As to a fix - I still haven't heard anything from Seattlelab about a
patch.
I have
tried tweaking the registry but can't find a workaround there. Any
ideas
anyone?
Cheers,
Mnemonix
http://www.infowar.co.uk/mnemonixhttp://www.diligence.co.uk
