slmail3.1.txt

Date: 17 Aug 1999 00:00:00 | Reported by: eEye Digital Security | Type: packetstorm | Source: packetstormsecurity.com

Multiple vulnerabilities in SLMail 3.1 affect CPU usage and server stability through specific commands.

Code
`Date: Thu, 4 Feb 1999 13:51:32 -0800  
From: Marc <[email protected]>  
To: [email protected]  
Subject: Multiple SLMail Vulnerabilities  
  
  
________________________________________________________________________  
  
eEye Digital Security Team <e>  
www.eEye.com  
[email protected]  
February 04, 1999  
________________________________________________________________________  
  
Multiple SLMail Vulnerabilities  
  
Systems Affected  
SLMail 3.1  
  
Release Date  
February 04, 1999  
  
Advisory Code  
AD02041999  
  
________________________________________________________________________  
  
Description:  
________________________________________________________________________  
  
We were once again grinding software through Retina Alpha code and have  
found the following.  
  
One of the ports that SLMail's POP Service listens on is port 27. It  
provides ESMTP functionality. The only difference between it and SLMail's  
SMTP service is that port 27 provides the "turn" functions. All  
vulnerabilities are based off of the port 27 service.  
  
The first vulnerability involves the "helo" command. There are two  
vulnerabilities within it. The first is sending "helo" followed by 819 to  
849 characters. This will send the server's CPU to idle around 90%.  
  
The second vulnerability in the "helo" command is a buffer overflow. If you  
issue "helo" followed by 855 to 2041 characters the server will crash with  
your typical overflow error.  
  
The second set of vulnerabilities are with the "vrfy" and "expn" commands.  
We have not tested to find the start and stop string lengths but sending  
"vrfy" or "expn" with 2041 characters will cause the SLMail.exe to exit  
itself.  
  
So we can either send the CPU to 90%, overflow some buffers, or have the  
server exit without a trace. Take your pick.  
  
________________________________________________________________________  
  
Vendor Status  
________________________________________________________________________  
  
We gave SeattleLabs a week. We have no reply so far. Contact them directly  
and maybe they will respond.  
  
________________________________________________________________________  
  
Copyright (c) 1999 eEye Digital Security Team  
________________________________________________________________________  
  
Permission is hereby granted for the redistribution of this alert  
electronically. It is not to be edited in any way without express consent of  
eEye. If you wish to reprint the whole or any part of this alert in any  
other medium excluding electronic medium, please e-mail [email protected] for  
permission.  
  
________________________________________________________________________  
  
Disclaimer:  
________________________________________________________________________  
  
The information within this paper may change without notice. Use of this  
information constitutes acceptance for use in an AS IS condition. There are  
NO warranties with regard to this information. In no event shall the author  
be liable for any damages whatsoever arising out of or in connection with  
the use or spread of this information. Any use of this information is at the  
user's own risk.  
  
Please send suggestions, updates, and comments to:  
eEye Digital Security Team  
[email protected]  
http://www.eEye.com  
  
-------------------------------------------------------------------------------------  
  
Date: Thu, 4 Feb 1999 23:58:24 GMT  
From: Lee Thompson <[email protected]>  
To: [email protected]  
Subject: Multiple SLMail Vulnerabilities  
  
We are working on a fix and will be including it in our SLmail 3.2 maintenance  
release.  
  
_  
Lee Thompson [email protected]  
Seattle Lab Inc. http://www.seattlelab.com  
Product Manager  
  
-------------------------------------------------------------------------------------  
  
Date: Wed, 10 Mar 1999 20:06:35 GMT  
From: Lee Thompson <[email protected]>  
To: [email protected]  
Subject: SLmail ETRN (Port 27 DoS) Status  
  
Just thought I'd let everyone know where we are with this DoS fix (Port  
27/ETRN).  
  
We are eliminating this port entirely.   
  
"The ETRN port" is actually legacy code, and as of today the replacement piece  
has cleared its first major hurdle and is in alpha testing.   
  
_  
Lee Thompson [email protected]  
Seattle Lab Inc. http://www.seattlelab.com  
Product Manager  
  
`
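
Every argument length reported in the advisory is above the 512-octet command-line limit (CRLF included) set by RFC 5321, section 4.5.3.1.4, so a relay or filter in front of the server that enforces that limit refuses all of the reported cases. The following is an added example, not part of the advisory or of SLMail; the function names and the sample session are constructed for illustration.

```python
# Added example: enforce the SMTP command-line length limit on client input.
MAX_COMMAND_LINE = 512  # octets, CRLF included (RFC 5321 section 4.5.3.1.4)
WATCHED_VERBS = {"HELO", "VRFY", "EXPN"}  # commands named in the advisory


def inspect_line(line, terminated=True):
    """Classify one client command line given without its CRLF."""
    verb = line.split(b" ", 1)[0].decode("ascii", "replace").upper()
    wire_length = len(line) + (2 if terminated else 0)
    too_long = wire_length > MAX_COMMAND_LINE
    return {
        "verb": verb,
        "wire_length": wire_length,
        "action": "reject" if too_long else "pass",
        # raise an alert only for the commands the advisory names
        "alert": too_long and verb in WATCHED_VERBS,
    }


def inspect_stream(client_bytes):
    """Inspect every command line in the client side of one session."""
    lines = client_bytes.split(b"\r\n")
    unterminated = lines.pop()  # bytes after the last CRLF, b"" if none
    results = [inspect_line(line) for line in lines]
    if len(unterminated) > MAX_COMMAND_LINE:
        # Over the limit before any CRLF arrived: reject instead of buffering.
        results.append(inspect_line(unterminated, terminated=False))
    return results


# Constructed sample session (not captured traffic); the long argument
# lengths are the ones quoted in the advisory text.
SAMPLE_SESSION = (
    b"HELO mail.example.org\r\n"
    + b"HELO " + b"a" * 830 + b"\r\n"
    + b"VRFY " + b"b" * 2041 + b"\r\n"
    + b"NOOP\r\n"
)

if __name__ == "__main__":
    for result in inspect_stream(SAMPLE_SESSION):
        print(result)
```
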
