AppleShare IP Mail Server
From: chris () CYBERNET CO NZ (Chris Wedgwood)
Date: Wed, 8 Apr 1998 13:11:17 +1200
[Yet another buffer overrun? - I hope this isn't getting monotonous]

I noticed this a while back but haven't seen anyone else mention it.

There appears to be what looks like a buffer overrun problem with AppleShare
IP Mail Server.

If you connect to the SMTP port and issue a long string (say 500 bytes or
so) the server crashes - and because it's a Mac, it usually crashes the whole
machine to the point where it needs a reboot.

So far I've only tested against servers which emit the banner 'AppleShare IP
Mail Server 5.0.3'

$ telnet some.where
Connected to some.where.
Escape character is '^]'.
220 some.where AppleShare IP Mail Server 5.0.3 SMTP Server Ready
HELO XXXXXXXXXXX[....several hundred of these....]XXXXXXXX
[ and it just hangs ]
$ ping some.where
[ ...nothing... ]

Physically checking the machine shows it has `locked up' and it needs a reboot. I
assume if you can cause a crash without the lockup then you might be able to
execute code and do something useful (on a Mac?).
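
For readers hardening an SMTP listener against this class of input, the following is an added example (not from the original post, and not AppleShare IP code) of a bounded HELO parser that enforces the 512-character command-line limit from RFC 821 before copying anything. The function name `smtp_parse_helo` and the buffer sizes are assumptions made for illustration; the post does not say where in the server the overrun occurs.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

#define SMTP_MAX_LINE 512   /* RFC 821: max command line length, CRLF included */

/* Hypothetical helper: parse one "HELO <domain>\r\n" line from a receive
 * buffer and return the SMTP reply code the server should send:
 *   250  accepted, argument copied NUL-terminated into domain
 *   500  no CRLF inside the first SMTP_MAX_LINE bytes, or not a HELO line
 *   501  argument missing or too large for the destination buffer
 * Nothing is copied unless the length has been checked first. */
int smtp_parse_helo(const char *in, size_t in_len, char *domain, size_t domain_sz)
{
    size_t i, line_len, arg_len;
    size_t limit = in_len < SMTP_MAX_LINE ? in_len : SMTP_MAX_LINE;
    const char *eol = NULL;

    if (domain_sz == 0) return 501;
    domain[0] = '\0';

    /* Look for CRLF only inside the permitted window. */
    for (i = 0; i + 1 < limit; i++) {
        if (in[i] == '\r' && in[i + 1] == '\n') { eol = in + i; break; }
    }
    if (eol == NULL) return 500;               /* line too long or unterminated */

    line_len = (size_t)(eol - in);
    if (line_len < 5 || strncasecmp(in, "HELO ", 5) != 0) return 500;

    arg_len = line_len - 5;
    if (arg_len == 0 || arg_len >= domain_sz) return 501;   /* would not fit */

    memcpy(domain, in + 5, arg_len);           /* length verified above */
    domain[arg_len] = '\0';
    return 250;
}

int main(void)
{
    char line[700], domain[256];               /* constructed sample input */
    memcpy(line, "HELO ", 5);
    memset(line + 5, 'X', 600);
    memcpy(line + 605, "\r\n", 2);
    printf("600-byte argument -> %d\n", smtp_parse_helo(line, 607, domain, sizeof domain));
    printf("normal greeting   -> %d\n",
           smtp_parse_helo("HELO mail.example.org\r\n", 23, domain, sizeof domain));
    return 0;
}
```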