interscan.txt

1999-11-08T00:00:00
ID PACKETSTORM:11530
Type packetstorm
Reporter Dark Spyrit
Modified 1999-11-08T00:00:00

Description

                                        
                                            `Date: Mon, 8 Nov 1999 01:50:26 +1300 (NZDT)  
From: dark spyrit <dspyrit@beavuh.org>  
To: news@technotronic.com  
Subject: Interscan VirusWall NT 3.23/3.3 buffer overflow.  
  
  
A buffer overflow exists on the VirusWall smtp gateway - by sending a long  
HELO command you can overflow the buffer and execute arbitrary code.  
  
Example code has been written which will spawn a command prompt on a port  
you specify.  
  
Before you shrug this one off, take a look:  
  
Connected to mail1.microsoft.com.  
Escape character is '^]'.  
220 mail1.microsoft.com InterScan VirusWall NT ESMTP 3.23 (build 9/10/99)  
ready  
at Sun, 07 Nov 1999 03:38:44 -0800 (Pacific Standard Time)  
  
The ironic thing here is, VirusWall was designed to prevent viruses and  
'malicious code'.  
  
Obviously not a lot of thought was taken before laying their trust into  
3rd party 'security' products.  
  
A quick note to the millions out there who would give their right arm to  
compromise microsofts network - sorry, their firewall would prevent the  
payload from spawning a remote shell.. unless of course it was modified to  
stop an existing service to open a port :)  
  
Exploit source and binary is available at http://www.beavuh.org.  
  
Credit to Liraz Siri for bringing this to our attention.  
  
Hi to eEye/w00w00/teso.  
  
dark spyrit  
http://www.beavuh.org - bend over and pray.  
  
  
  
`