Subscribe to Windows IT Pro
October 14, 1997 12:00 AM

SLMail v2.5 POP Service

Editors
Windows IT Pro
InstantDoc ID #9223
Rating: (0)

Seattle Labs SLMail 2.5

Reported October 14, 1997 by David LeBlanc

Systems Affected

Systems Running SLMail 2.5

The Problem

David LeBlanc writes:

Version 2.5 (current version) is vulnerable to a buffer overrun attack on the POP3 service.  If the username supplied is too long, the service will fail with a memory exception.  To the best of our knowledge, there are no current exploits which can cause remote execution, but given the characteristics of the failure, it seems entirely possible that this could occur.  At the very least, it constitutes a denial of service which will require rebooting the server if attacked.  We notified Seattle Lab of this problem two months ago, and they did not seem to understand the severity of the problem.

Stopping the Problem:

Upgrade to version 2.6

Seattle Lab"s Response:

The firms says a fix is available in their SLMail v2.6 located HERE

To learn more about new NT security concerns, subscribe to NTSD.

Credit:
Reported by David LeBlanc
Posted here at NTSecurity.Net October 22, 1997

Related Content:

ARTICLE TOOLS

Comments
Add A Comment
    There are no comments to display. Be the first one!
You must log on before posting a comment.

Are you a new visitor? Register Here

advertisement

advertisement

Dev Pro Left-Brain SharePoint Pro SQL Server Pro SuperSite for Windows Windows IT Pro

© 2012 Penton Media, Inc.

Home About Us Advertise Customer Service Privacy Statement Subscribe/Renew Terms Of Use

Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.