Re: SLMail 2.6 DoS - Imail also

Mark Symons (mark.symons@za.eds.com)
Tue, 17 Mar 1998 22:28:12 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Pavel Kankovsky: "Re: Midnight Commander /tmp race"
Previous message: Thomas Roessler: "Re: Another day, another race - lynx 2.7.1"
Maybe in reply to: Jon: "SLMail 2.6 DoS - Imail also"

There have recently been a couple of messages concerning DoS attacks on
NT-based SLMail and IMail SMTP servers. At the end of January, a
similar report was made concerning IMail's POP3 server.

Jon[SMTP:steven@EFNI.COM] wrote:

> A long string of text after a command makes
> the program (SLMail) crash.

(Snip)

> It will stay unresponsive until manually restarted.

(Snip)

> Out of boredom, I tried another smtp daemon for Windows,
> IMail (I tried 4.03) by IPSwitch (www.ipswitch.com). Which
> crashed the same way. Pretty strange, I've only tried two
> windowsNT smtp daemons, and both crashed the same way...

I cannot comment on SLMail, but John Junod (author of IMail) says the
following:

# That "bug" by the way, doesn't cause IMail any problems.
# It only causes the "hacker" a problem since IMail won't
# release the connection and won't accept any more input
# from them until they drop the connection and reconnect.
# It does not affect any other sessions to the SMTP server.
# The session does drop cleanly freeing all resources as
# designed either when the "hacker" breaks the connection
# or when the timeout occurs, whichever occurs first.

Mark Symons
EDS Africa
mark.symons@za.eds.com

Next message: Pavel Kankovsky: "Re: Midnight Commander /tmp race"
Previous message: Thomas Roessler: "Re: Another day, another race - lynx 2.7.1"
Maybe in reply to: Jon: "SLMail 2.6 DoS - Imail also"