Vulnerability Development mailing list archives

DoS in SurfControl's EmailFilter


From: "Led Slinger" <leds () darkwater net>
Date: Sat, 9 Mar 2002 09:08:27 -0500

Just an FYI: I did communicate heavily with SurfControl on this before
posting it here:

On February 12, 2002, I contacted SurfControl concerning a denial of
service condition in the EmailFilter Version 4.0.  The DoS was
successfully carried out on a Windows 2000 Professional SP2 box.  On
February 16, 2002, SurfControl confirmed the vulnerability and said that
they were diligently working on a patch for the condition.  I will not
go into significant detail as the exploit is extremely simple.  I
personally do not have the time to dig much deeper into their software.
On the 28th of February, I was told by SurfControl that a patch was
available and that the fix would be included in their next release.  To
me, it was not a HUGE vulnerability but to someone who depends on their
Email system and used the EmailFilter as their sole gateway (not the
best move either), it could be big trouble.

A simple test:

Access the EmailFilter via telnet and issue the HELO command with a
parameter of 906 plus characters.  The service should fold.

This also works with the RCPT TO: command with an identical number of
characters.


Setting up the service to restart automatically reduces the overall
impact, but does not remove it completely.

Just thought I'd pass this along.

Cheers!


Leds!
-- 
There's nothing wrong with Windows until you install it........
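
A defensive counterpart to the test described in the post, as an added example that is not part of the original message and not SurfControl's code: a bounded check of HELO/EHLO and RCPT TO lines against the RFC 5321 size limits (512-octet line, 255-octet domain, 256-octet path), applied before the argument is copied. The function names, return convention and buffer layout are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Size limits from RFC 5321 section 4.5.3.1 */
#define SMTP_MAX_LINE   512  /* whole command line, CRLF included */
#define SMTP_MAX_DOMAIN 255  /* HELO/EHLO argument */
#define SMTP_MAX_PATH   256  /* RCPT TO path, angle brackets included */

/* Hypothetical helper: case-insensitive match of an upper-case verb prefix. */
static int has_verb(const char *s, size_t n, const char *verb)
{
    size_t i, v = strlen(verb);
    if (n < v)
        return 0;
    for (i = 0; i < v; i++)
        if (toupper((unsigned char)s[i]) != verb[i])
            return 0;
    return 1;
}

/*
 * Check one received line (len bytes, not NUL-terminated) before parsing it.
 * On 250 the argument is copied, NUL-terminated, into arg[argsz].
 * Returns the SMTP reply code to send: 250, 500 (line) or 501 (argument).
 */
int smtp_check_line(const char *buf, size_t len, char *arg, size_t argsz)
{
    size_t max, off;

    if (len < 2 || len > SMTP_MAX_LINE)        /* reject on size alone first */
        return 500;
    if (buf[len - 2] != '\r' || buf[len - 1] != '\n')
        return 500;
    len -= 2;                                   /* drop CRLF */
    if (has_verb(buf, len, "HELO ") || has_verb(buf, len, "EHLO ")) {
        off = 5; max = SMTP_MAX_DOMAIN;
    } else if (has_verb(buf, len, "RCPT TO:")) {
        off = 8; max = SMTP_MAX_PATH;
    } else {
        return 500;                             /* other verbs: out of scope here */
    }
    len -= off;                                 /* len is now the argument length */
    if (len == 0 || len > max || len >= argsz)
        return 501;
    if (memchr(buf + off, '\0', len) != NULL)   /* no embedded NUL bytes */
        return 501;
    memcpy(arg, buf + off, len);                /* bounded: len < argsz checked */
    arg[len] = '\0';
    return 250;
}
```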

