AppleShare IP Mail Server Long HELO Overflow

1998-04-08T13:11:17
ID OSVDB:5970
Type osvdb
Reporter Chris Wedgwood (chris@cybernet.co.nz)
Modified 1998-04-08T13:11:17

Description

Vulnerability Description

AppleShare IP Mail Server contains a flaw that allows a remote attacker to crash the server. The issue is due to a buffer overflow condition in the SMTP service. By sending a HELO command containing 1024 or more characters to port 25, an attacker will crash the server.
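
The missing control in an overflow of this kind is a length check on the command line before any copy. The following is an added example, not AppleShare IP code and not part of the OSVDB entry: `handle_helo` is a hypothetical helper, and the 512-octet line limit and 255-octet domain limit are assumptions taken from RFC 5321, not from the advisory.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed limits (RFC 5321, not the advisory): a command line is at most
 * 512 octets including CRLF, a domain at most 255 octets. */
#define SMTP_MAX_LINE   512
#define SMTP_MAX_DOMAIN 255

/* Hypothetical helper: validate one received line of `len` bytes (CRLF
 * included, not NUL-terminated) as HELO and copy its argument into `out`.
 * Returns the SMTP reply code the server should send. */
int handle_helo(const char *line, size_t len, char *out, size_t out_cap)
{
    static const char verb[] = "HELO ";
    if (len > SMTP_MAX_LINE)
        return 500;                 /* overlong line: reject before parsing */
    if (len < 7 || line[len - 2] != '\r' || line[len - 1] != '\n')
        return 500;                 /* too short or not CRLF-terminated */
    len -= 2;
    for (size_t i = 0; i < 5; i++)
        if (toupper((unsigned char)line[i]) != verb[i])
            return 500;             /* not a HELO command */
    const char *arg = line + 5;
    size_t arg_len = len - 5;
    if (arg_len == 0 || arg_len > SMTP_MAX_DOMAIN || arg_len >= out_cap)
        return 501;                 /* empty or oversized argument */
    for (size_t i = 0; i < arg_len; i++)
        if (arg[i] <= ' ' || arg[i] > '~')
            return 501;             /* control, space or non-ASCII byte */
    memcpy(out, arg, arg_len);      /* bounded: arg_len < out_cap checked above */
    out[arg_len] = '\0';
    return 250;
}

int main(void)
{
    char domain[SMTP_MAX_DOMAIN + 1];
    char big[1100];                 /* constructed input: 1024-character argument */
    memcpy(big, "HELO ", 5);
    memset(big + 5, 'a', 1024);
    memcpy(big + 5 + 1024, "\r\n", 2);
    printf("%d\n", handle_helo("HELO mail.example.org\r\n", 23, domain, sizeof domain));
    printf("%d\n", handle_helo(big, 5 + 1024 + 2, domain, sizeof domain));
    return 0;
}
```

The length is checked against both the protocol limit and the destination buffer's capacity, so the copy stays bounded even if a caller passes a smaller buffer than the protocol allows.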

Solution Description

Upgrade to version 5.0.4, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Advisory URL

Related OSVDB ID: 5969

Related OSVDB ID: 6023

Related OSVDB ID: 6031

Related OSVDB ID: 6034

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1998_2/0039.html

ISS X-Force ID: 886

CVE-1999-1015

Bugtraq ID: 0061