Stalker Internet Mail Server Long HELO Overflow

1998-04-08T12:34:09
ID OSVDB:6034
Type osvdb
Reporter David Luyer (luyer@ucs.uwa.edu.au)
Modified 1998-04-08T12:34:09

Description

Vulnerability Description

Stalker Internet Mail Server contains a flaw that allows a remote attacker to crash the server. The issue is due to a buffer overflow condition in the SMTP service, triggered by a HELO command containing 1024 or more characters sent to port 25.
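The class of flaw described above is avoided by checking the length of the received line and of the HELO argument before anything is copied. The following is an added example, not code from Stalker Internet Mail Server or from this entry; the function name, buffer sizes and sample input are hypothetical, and the limits are assumed from RFC 5321.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Limits from RFC 5321 section 4.5.3.1: 512-octet command line (CRLF included),
 * 255-octet domain. The handler and its names are hypothetical. */
#define SMTP_LINE_MAX   512
#define SMTP_DOMAIN_MAX 255

/* Parse one received line (len bytes, not NUL-terminated) and copy the HELO
 * argument into out. Returns the SMTP reply code; out is "" unless 250. */
int handle_helo(const char *line, size_t len, char *out, size_t out_sz)
{
    static const char verb[] = "HELO";
    size_t i, arg_len;

    if (out_sz == 0) return 451;
    out[0] = '\0';
    if (len > SMTP_LINE_MAX) return 500;          /* reject before parsing */
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n')) len--;
    if (len < 4) return 500;
    for (i = 0; i < 4; i++)
        if (toupper((unsigned char)line[i]) != verb[i]) return 500;
    if (len == 4) return 501;                     /* argument missing */
    if (line[4] != ' ') return 500;               /* e.g. "HELOX" */

    line += 5; len -= 5;
    while (len > 0 && *line == ' ') { line++; len--; }
    arg_len = len;
    /* Length is checked against both the protocol limit and the destination. */
    if (arg_len == 0 || arg_len > SMTP_DOMAIN_MAX || arg_len >= out_sz) return 501;
    for (i = 0; i < arg_len; i++)
        if (line[i] < 0x21 || line[i] > 0x7e) return 501;  /* printable, no spaces */
    memcpy(out, line, arg_len);
    out[arg_len] = '\0';
    return 250;
}

int main(void)
{
    char big[5 + 1024 + 2], name[256];   /* constructed sample input */
    memcpy(big, "HELO ", 5);
    memset(big + 5, 'A', 1024);
    memcpy(big + 5 + 1024, "\r\n", 2);
    printf("1024-char HELO -> %d\n", handle_helo(big, sizeof big, name, sizeof name));
    printf("normal HELO    -> %d (%s)\n",
           handle_helo("HELO mail.example.org\r\n", 23, name, sizeof name), name);
    return 0;
}
```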

Solution Description

Upgrade to version 1.7b2, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Related OSVDB ID: 5969
Related OSVDB ID: 6023
Related OSVDB ID: 5970
Related OSVDB ID: 6031
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1998_2/0040.html
ISS X-Force ID: 886
CVE-1999-1504
Bugtraq ID: 0062