Type packetstorm
Reporter Dark Spyrit
Modified 1999-11-08T00:00:00


                                            `Date: Mon, 8 Nov 1999 01:50:26 +1300 (NZDT)  
From: dark spyrit <>  
Subject: Interscan VirusWall NT 3.23/3.3 buffer overflow.  
A buffer overflow exists on the VirusWall smtp gateway - by sending a long  
HELO command you can overflow the buffer and execute arbitrary code.  
Example code has been written which will spawn a command prompt on a port  
you specify.  
Before you shrug this one off, take a look:  
Connected to  
Escape character is '^]'.  
220 InterScan VirusWall NT ESMTP 3.23 (build 9/10/99)  
at Sun, 07 Nov 1999 03:38:44 -0800 (Pacific Standard Time)  
The ironic thing here is, VirusWall was designed to prevent viruses and  
'malicious code'.  
Obviously not a lot of thought was taken before laying their trust into  
3rd party 'security' products.  
A quick note to the millions out there who would give their right arm to  
compromise microsofts network - sorry, their firewall would prevent the  
payload from spawning a remote shell.. unless of course it was modified to  
stop an existing service to open a port :)  
Exploit source and binary is available at  
Credit to Liraz Siri for bringing this to our attention.  
Hi to eEye/w00w00/teso.  
dark spyrit - bend over and pray.