COMMAND

    CSM Mail Server

SYSTEMS AFFECTED

    CSM Mail Server for Windows 95/NT v.2000.08.A and older

PROBLEM

    CSM Mail Server for Windows 95/NT allows:

        * FIREWALL  is usefull  to reject  unwanted calls  to the SMTP
          server.
        * ANTI-SPAMMING is usefull to reject unwanted messages.
        * To define VIRTUAL DOMAINS which are physically manage by the
          server itself.
        * To define SECONDARY DOMAINS which are physically managed  by
          the same or another server computer.
        * To ROUTE (send or  receive) messages between itself and  the
          Internet.
        * To ROUTE (send via  SMTP) received message to the  secondary
          domains.
        * To TRANSFER  (send or receive)  messages between itself  and
          the worktations attached to the local area network (LAN).
        * To MANAGE the user mailboxes.
        * To DISRIBUTE the messages in the mailboxes.
        * It can be installed behind a Firewall or a CSM Proxy server.

    UssrLabs found a local/remote  Buffer overflow and maybe  remotely
    exploitable buffer overflow.   The overflow is  caused by a  (long
    HELO) in the login procedure.  Example:

        [hellme@die-communitech.net$ telnet example.com 25
        Trying example.com...
        Connected to example.com.
        Escape character is '^]'.
        220 SMTP CSM Mail Server ready at ServerName.com (Version 2000.08.A - NT.4.0.1381)
        helo [buffer]

    Where  [buffer]  is  aprox.  12000  characters.   At his point the
    server overflows and crashes.

SOLUTION

    Vendor has been informed, but nothing yet.