Alert Seattle Lab Sendmail v2.5 for NT vulnerable

David LeBlanc (dleblanc@ISS.NET)
Tue, 14 Oct 1997 17:49:54 -0400

Version 2.5 (current version) is vulnerable to a buffer overrun attack on
the POP3 service. If the username supplied is too long, the service will
fail with a memory exception. To the best of our knowledge, there are no
current exploits which can cause remote execution, but given the
characteristics of the failure, it seems entirely possible that this could
occur. At the very least, it constitutes a denial of service which will
require rebooting the server if attacked. We notified Seattle Lab of this
problem two months ago, and they did not seem to understand the severity of
the problem.

Severity: Denial of service, possible remote execution as system

Fix: Use a different product and/or complain to the vendor. It didn't do
us much good, but perhaps there is strength in numbers...

BTW, the current shipping versions of both the UNIX and NT ISS Scanners are
capable of causing these failures.

-----------------------------------------------------------
David LeBlanc | Voice: (770)395-0150 x138
Internet Security Systems, Inc. | Fax: (404)395-1972
41 Perimeter Center East | E-Mail: dleblanc@iss.net
Suite 660 | www: http://www.iss.net/
Atlanta, GA 30328 |
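The failure described above is the classic pattern of an unbounded copy of the POP3 USER argument into a fixed-size buffer. As an added illustration, not code from the advisory or from Seattle Lab's product, the handler below shows the length check such a service needs before the copy; the 64-character limit, the buffer sizes and the constructed test inputs are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_USER_LEN 64   /* assumed server policy; the advisory gives no real limit */
enum user_result { USER_OK = 0, USER_ERR_SYNTAX = 1, USER_ERR_TOO_LONG = 2 };

/* Parse "USER <name>\r\n" into a fixed-size buffer, checking the length
 * before copying so an overlong name can never run past the end of 'user'. */
enum user_result handle_user_line(const char *line, char *user, size_t user_sz,
                                  char *resp, size_t resp_sz)
{
    if (strncmp(line, "USER ", 5) != 0) {        /* a real server would fold case */
        snprintf(resp, resp_sz, "-ERR syntax error");
        return USER_ERR_SYNTAX;
    }
    const char *name = line + 5;
    size_t len = strcspn(name, "\r\n");          /* stop at the line terminator */
    if (len == 0) {
        snprintf(resp, resp_sz, "-ERR missing username");
        return USER_ERR_SYNTAX;
    }
    if (len > MAX_USER_LEN || len >= user_sz) {  /* the bound the vulnerable service lacked */
        snprintf(resp, resp_sz, "-ERR username too long");
        return USER_ERR_TOO_LONG;
    }
    memcpy(user, name, len);
    user[len] = '\0';
    snprintf(resp, resp_sz, "+OK name is a valid mailbox");
    return USER_OK;
}

/* Classify a line using the server's own buffer sizes. */
enum user_result classify_user_line(const char *line)
{
    char user[MAX_USER_LEN + 1], resp[64];
    return handle_user_line(line, user, sizeof user, resp, sizeof resp);
}
/* Constructed input: a USER line whose name is n bytes of 'A', standing in
 * for the overlong username the advisory describes. */
enum user_result classify_user_of_length(size_t n)
{
    char *line = malloc(5 + n + 3);
    if (line == NULL) return USER_ERR_SYNTAX;
    memcpy(line, "USER ", 5);
    memset(line + 5, 'A', n);
    memcpy(line + 5 + n, "\r\n", 3);             /* also copies the NUL */
    enum user_result r = classify_user_line(line);
    free(line);
    return r;
}
```

With the check in place an oversized name is answered with -ERR and the connection stays up, instead of the memory exception and reboot the advisory reports.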