Overflow in Seattle Lab Sendmail v2.5

Summary
Description:Overflow in the username given to this program when sending mail
Author:David LeBlanc <dleblanc@ISS.NET> (Who is a loser, BTW)
Compromise:Lame DoS, possible remote execution of commands
Vulnerable Systems:Windoze NT running Version 2.5 (probably earlier also) of Seattle Lab Sendmail for NT
Date:14 October 1997
Details


Date: Tue, 14 Oct 1997 17:49:54 -0400
From: David LeBlanc <dleblanc@ISS.NET>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: Alert Seattle Lab Sendmail v2.5 for NT vulnerable

Version 2.5 (current version) is vulnerable to a buffer overrun attack on
the POP3 service.  If the username supplied is too long, the service will
fail with a memory exception.  To the best of our knowledge, there are no
current exploits which can cause remote execution, but given the
characteristics of the failure, it seems entirely possible that this could
occur.  At the very least, it constitutes a denial of service which will
require rebooting the server if attacked.  We notified Seattle Lab of this
problem two months ago, and they did not seem to understand the severity of
the problem.

Severity: Denial of service, possible remote execution as system

Fix:  Use a different product and/or complain to the vendor.  It didn't do
us much good, but perhaps there is strength in numbers...

BTW, the current shipping versions of both the UNIX and NT ISS Scanners are
capable of causing these failures.


-----------------------------------------------------------
David LeBlanc                   | Voice: (770)395-0150 x138
Internet Security Systems, Inc. | Fax:   (404)395-1972
41 Perimeter Center East        | E-Mail:  dleblanc@iss.net
Suite 660                       | www: http://www.iss.net/
Atlanta, GA 30328               |

More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:
All OS's Linux Solaris/SunOS Micro$oft
*BSD Macintosh AIX IRIX
ULTRIX/Digital UNIX HP/UX SCO Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces:

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]