Bugtraq: Seattle Lab fixes security issue in SLmail

[aleph1 () DFW NET (Aleph One)]

[ Denial of service? There is nothing like PR damage control. - a1 ]

---------- Forwarded message ----------
Date: Fri, 10 Jul 1998 22:54:07 GMT
From: Lee Thompson <lt () seattlelab com>
To: NTBUGTRAQ () LISTSERV NTBUGTRAQ COM
Subject: Seattle Lab fixes security issue in SLmail

-- Beta release corrects denial of service problem --

BOTHELL, WA, July 10, 1998 -- Recently a security problem was discovered =
with the release
versions of both SLmail 3.0 for Windows NT and SLmail 2.6 for Windows 95.=
 =20

Specifically, the problem is a denial of service attack, which is usually=
 initiated from
outside the mail server site.  If the MAIL FROM: line in the SMTP =
envelope exceeds 256
characters, it causes a critical error in SLmail's router and causes the =
SLmail.exe
service to shut down.

"Security is an extremely important priority to us at Seattle Lab," said =
President L.A.
Heberlein.   "As soon as we were notified yesterday, we focused intensely=
 on correcting
the problem, and we achieved a fix within twenty-four hours of first =
hearing about it."

The fix was incorporated in beta versions of SLmail 3.1 and SLmail 2.7. =
Customers who
would like to receive the beta versions should contact =
betaadmin () seattlelab com   Please
put the product serial number in the subject line.  We will post the =
release versions of
these programs to our download site as soon as testing is completed.

_
Lee Thompson                       lt () seattlelab com
Seattle Lab Inc.           http://www.seattlelab.com
Product Manager