Overflow in Seattle Lab Sendmail v2.5
Description: Overflow in the username given to this program when sending mail
Author: David LeBlanc <dleblanc@ISS.NET> (Who is a loser, BTW)
Compromise: Lame DoS, possible remote execution of commands
Vulnerable Systems: Windoze NT running Version 2.5 (probably earlier also) of Seattle Lab Sendmail for NT
Date: 14 October 1997
Date: Tue, 14 Oct 1997 17:49:54 -0400
From: David LeBlanc <dleblanc@ISS.NET>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: Alert Seattle Lab Sendmail v2.5 for NT vulnerable
Version 2.5 (current version) is vulnerable to a buffer overrun attack on
the POP3 service. If the username supplied is too long, the service will
fail with a memory exception. To the best of our knowledge, there are no
current exploits which can cause remote execution, but given the
characteristics of the failure, it seems entirely possible that this could
occur. At the very least, it constitutes a denial of service which will
require rebooting the server if attacked. We notified Seattle Lab of this
problem two months ago, and they did not seem to understand the severity of
the problem.
Severity: Denial of service, possible remote execution as system
Fix: Use a different product and/or complain to the vendor. It didn't do
us much good, but perhaps there is strength in numbers...
BTW, the current shipping versions of both the UNIX and NT ISS Scanners are
capable of causing these failures.
-----------------------------------------------------------
David LeBlanc | Voice: (770)395-0150 x138
Internet Security Systems, Inc. | Fax: (404)395-1972
41 Perimeter Center East | E-Mail: dleblanc@iss.net
Suite 660 | www: http://www.iss.net/
Atlanta, GA 30328 |
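The failure David describes is the classic unchecked copy of a command argument into a fixed-size buffer. The following is an added illustration in C, not code from the advisory, from ISS or from Seattle Lab: a hypothetical POP3 USER-command handler that puts the length check ahead of any copy, shown beside the unchecked pattern for contrast. The 64-character limit, the function names and the sample lines are all assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Upper bound on a POP3 username this hypothetical server accepts. An assumed
 * policy value for the example; the advisory states no limit and this is not
 * SLmail's code. */
#define MAX_USER_LEN 64

enum pop3_user_status {
    POP3_USER_OK = 0,
    POP3_USER_BAD_SYNTAX = 1,  /* not a USER command, or empty/malformed argument */
    POP3_USER_TOO_LONG = 2     /* argument longer than MAX_USER_LEN */
};

/* The unchecked pattern behind a crash like the one reported: the argument is
 * copied into a fixed stack buffer with no length test, so an overlong name
 * writes past its end. Kept only for contrast; nothing here calls it. */
void unchecked_copy_user(const char *arg)
{
    char name[MAX_USER_LEN];
    strcpy(name, arg);   /* overruns name once strlen(arg) >= MAX_USER_LEN */
    (void)name;
}

/* Hardened handling of a line "USER <name>\r\n": the length is checked before
 * a single byte is copied, so the worst an oversized argument can do is earn
 * an -ERR reply. On success the name is copied into out (capacity outlen). */
enum pop3_user_status parse_pop3_user(const char *line, char *out, size_t outlen)
{
    static const char verb[] = "USER";
    const char *arg;
    size_t i, n;

    if (line == NULL || out == NULL || outlen == 0)
        return POP3_USER_BAD_SYNTAX;
    out[0] = '\0';

    /* Case-insensitive verb match; a short line hits '\0' and fails early. */
    for (i = 0; verb[i] != '\0'; i++)
        if (toupper((unsigned char)line[i]) != verb[i])
            return POP3_USER_BAD_SYNTAX;
    if (line[i] != ' ')
        return POP3_USER_BAD_SYNTAX;

    arg = line + i + 1;
    n = strcspn(arg, "\r\n");          /* argument ends at CRLF or end of string */
    if (n == 0 || memchr(arg, ' ', n) != NULL)
        return POP3_USER_BAD_SYNTAX;   /* USER takes exactly one token */
    if (n > MAX_USER_LEN || n >= outlen)
        return POP3_USER_TOO_LONG;     /* reject before touching the buffer */

    memcpy(out, arg, n);
    out[n] = '\0';
    return POP3_USER_OK;
}

/* Reply text the server would send for each status. */
const char *pop3_user_reply(enum pop3_user_status st)
{
    switch (st) {
    case POP3_USER_OK:        return "+OK name accepted, send PASS";
    case POP3_USER_TOO_LONG:  return "-ERR username too long";
    default:                  return "-ERR syntax: USER <name>";
    }
}

/* Constructed input: a USER line carrying a name of n 'A's. Returns the
 * parser's verdict so the length boundary can be checked exactly. */
enum pop3_user_status check_username_length(size_t n)
{
    char line[1024];
    char name[MAX_USER_LEN + 1];

    if (n + 8 > sizeof line)           /* cannot even build it: certainly over the limit */
        return POP3_USER_TOO_LONG;
    memcpy(line, "USER ", 5);
    memset(line + 5, 'A', n);
    memcpy(line + 5 + n, "\r\n", 3);   /* CR, LF, NUL */
    return parse_pop3_user(line, name, sizeof name);
}

int main(void)
{
    /* Constructed sample lines, not captured traffic. */
    const char *samples[] = {
        "USER alice\r\n", "user bob\r\n", "USER\r\n", "USER a b\r\n", "RETR 1\r\n"
    };
    char name[MAX_USER_LEN + 1];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        enum pop3_user_status st = parse_pop3_user(samples[i], name, sizeof name);
        printf("%-12.*s -> %s\n", (int)strcspn(samples[i], "\r\n"), samples[i],
               pop3_user_reply(st));
    }
    printf("64-char name  -> %s\n", pop3_user_reply(check_username_length(64)));
    printf("65-char name  -> %s\n", pop3_user_reply(check_username_length(65)));
    printf("600-char name -> %s\n", pop3_user_reply(check_username_length(600)));
    return 0;
}
```

The point of the ordering is that the bound is applied to the argument length before `memcpy` runs, and the bound is tied to the destination capacity (`outlen`) rather than to a constant that can drift out of step with the buffer declaration. A service written this way answers an oversized USER with an error line instead of an access violation, which is the behaviour David's report says SLmail 2.5 lacks.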
This page is part of Fyodor's exploit world.