Bugtraq
mailing list archives
AppleShare IP Mail Server
From: chris () CYBERNET CO NZ (Chris Wedgwood)
Date: Wed, 8 Apr 1998 13:11:17 +1200
[Yet another buffer overrun? - I hope this isn't getting monotonous]
I noticed this a while back but haven't seen anyone else mention it.
There appears to be what looks like a buffer overrun problem with AppleShare
IP Mail Server.
If you connect to the SMTP port and issue a long string (say 500 bytes or
so) the server crashes - and because it's a Mac, it usually crashes the whole
machine to the point where it needs a reboot.
So far I've only tested against servers which emit the banner 'AppleShare IP
Mail Server 5.0.3'
For example:
$ telnet some.where
Trying 1.2.3.4...
Connected to some.where.
Escape character is '^]'.
220 some.where AppleShare IP Mail Server 5.0.3 SMTP Server Ready
HELO XXXXXXXXXXX[....several hundred of these....]XXXXXXXX
[ and it just hangs ]
$ ping some.where
[ ...nothing... ]
Physically checking the machine shows it has `locked up' and it needs a reboot. I
assume if you can cause a crash without the lockup then you might be able to
execute code and do something useful (on a Mac?).
-cw
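
Added example, not part of the original post and not AppleShare IP code: a sketch of how an SMTP server can bound a HELO line before copying its argument, using the RFC 821 section 4.5.3 limits (512-byte command line, 64-byte domain). The names smtp_handle_helo and helo_with_filler are hypothetical. A HELO with about 500 filler bytes still fits inside the 512-byte line limit, so the argument-length check is the one that rejects it.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define SMTP_MAX_LINE   512  /* RFC 821 4.5.3: command line, CRLF included */
#define SMTP_MAX_DOMAIN  64  /* RFC 821 4.5.3: domain name */

/* Hypothetical helper: validate one received HELO line and copy its argument
 * into a fixed-size buffer. Returns the SMTP reply code to send. */
int smtp_handle_helo(const char *line, size_t len, char domain[SMTP_MAX_DOMAIN + 1])
{
    static const char verb[] = "HELO ";
    size_t i, arg_len;

    domain[0] = '\0';
    /* Reject over-long, too-short or unterminated lines before parsing them. */
    if (len > SMTP_MAX_LINE || len < 7 || memcmp(line + len - 2, "\r\n", 2) != 0)
        return 500;
    for (i = 0; i < 5; i++)                 /* SMTP verbs are case-insensitive */
        if (toupper((unsigned char)line[i]) != verb[i]) return 500;
    arg_len = len - 7;                      /* minus "HELO " and CRLF */
    /* The length check happens before the copy, never after it. */
    if (arg_len == 0 || arg_len > SMTP_MAX_DOMAIN) return 501;
    for (i = 0; i < arg_len; i++) {         /* no NUL, space or control bytes */
        unsigned char c = (unsigned char)line[5 + i];
        if (c <= 0x20 || c >= 0x7f) return 501;
    }
    memcpy(domain, line + 5, arg_len);
    domain[arg_len] = '\0';
    return 250;
}

/* Constructed sample input: "HELO " + n filler bytes + CRLF. */
int helo_with_filler(size_t n)
{
    static char line[2048];
    char domain[SMTP_MAX_DOMAIN + 1];
    if (n + 7 > sizeof line) return -1;
    memcpy(line, "HELO ", 5);
    memset(line + 5, 'X', n);
    memcpy(line + 5 + n, "\r\n", 2);
    return smtp_handle_helo(line, n + 7, domain);
}

int main(void)
{
    printf("%d %d\n", helo_with_filler(500), helo_with_filler(1000));
    return 0;
}
```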