Bugtraq mailing list archives
DoS in Intel corporation 'InBusiness eMail Station'
From: Knud Erik Højgaard - CyberCity Support <knud () CYBERCITY DK>
Date: Fri, 20 Oct 2000 14:05:52 +0200
Intel corporation 'InBusiness eMail Station' firmware version 1.04.87 (latest)
Denial of service vulnerability.

Vendor notification date: 20/10-2000
Public notification date: 20/10-2000

Problem:
I found a buffer overflow in the Intel InBusiness eMail Station, which can enable an attacker to execute a denial of service attack against it.

Disclaimer: For educational purposes only.

Example:

[foo@bar]$ telnet mailstation 110
Trying mailstation...
Connected to mailstation.
Escape character is '^]'.
+OK Pop server at mailstation starting. <2831812.972049732@mail>
user [buffer]

where [buffer] is appx. 620 chars of your own choice. (Tried A and %, expect all to work.)

Symptoms:
The box (a nice little piece of hardware with built-in hard drive and all) will stop responding, and needs a power cycle to restore function.

Reason for posting same date as vendor notification:
Intel was contacted and informed of the bug, and all they had to say was "You're using it in a way it's not supposed to be used" (I told them it was on a leased line) - in their opinion it doesn't matter since it's possible to connect a modem to it, and use it for retrieving mail and distributing it locally.

Sincerely (and a big thanks to Intel for not caring about product security at all)
Knud Erik Højgaard <kain () perker dk>
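
Added example, not part of the original post and not Intel's firmware code: a bounded parser for the POP3 USER line that rejects the overlong argument described above before anything is copied. The function name, result codes and the 64-byte mailbox limit are assumptions; the 255-octet command limit is the one given in RFC 2449.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Added example; not the eMail Station firmware. Limits are assumptions. */
#define POP3_MAX_LINE 255 /* RFC 2449 command length limit, CRLF included */
#define POP3_MAX_USER 64  /* assumed local mailbox-name limit */

enum pop3_result { POP3_OK, POP3_ERR_TOO_LONG, POP3_ERR_SYNTAX };

/* Parse one received line "USER name\r\n" of len bytes into user[].
 * Every length is checked before any byte is copied. */
enum pop3_result pop3_parse_user(const char *line, size_t len,
                                 char *user, size_t user_sz)
{
    size_t n, i;

    if (len > POP3_MAX_LINE)
        return POP3_ERR_TOO_LONG;
    if (len < 2 || line[len - 2] != '\r' || line[len - 1] != '\n')
        return POP3_ERR_SYNTAX;
    len -= 2;
    /* Keyword is case-insensitive and followed by a single space. */
    if (len < 6 || strncasecmp(line, "USER ", 5) != 0)
        return POP3_ERR_SYNTAX;
    n = len - 5;
    if (n > POP3_MAX_USER || n >= user_sz)
        return POP3_ERR_TOO_LONG;
    for (i = 0; i < n; i++) {      /* printable ASCII only, no NUL */
        unsigned char c = (unsigned char)line[5 + i];
        if (c < 0x21 || c > 0x7e)
            return POP3_ERR_SYNTAX;
    }
    memcpy(user, line + 5, n);
    user[n] = '\0';
    return POP3_OK;
}

int main(void)
{
    char user[POP3_MAX_USER + 1], big[627]; /* constructed test input */

    memcpy(big, "USER ", 5);
    memset(big + 5, 'A', 620);
    memcpy(big + 625, "\r\n", 2);
    printf("620-byte argument -> %d\n", pop3_parse_user(big, sizeof big, user, sizeof user));
    printf("normal login      -> %d\n", pop3_parse_user("USER knud\r\n", 11, user, sizeof user));
    return 0;
}
```

The caller is assumed to read the line into a fixed buffer with the same 255-byte cap and to answer -ERR and drop the rest of the line on POP3_ERR_TOO_LONG.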