Buffer Overrun in ITHouse Mail Server

 
Buffer Overrun in ITHouse Mail Server
Reported June 1 by
Delphis Consulting Internet Security Team

VERSIONS EFFECTED
ITHouse Mail Server v1.04

DESCRIPTION

The SMTP mail service can be made to crash by sending a string of 2270 characters as a parameter to the RCPT TO command. During the crash characters beyond 2270 overwrite the EIP register making it possible to run abritrary code on the remote system.

DEMONSTRATION

HELO example.domain
MAIL FROM: [email protected]
RCPT TO: <A x 2270> + EIP code
DATA
.
QUIT

VENDOR RESPONSE

The vendor, ITHouse, is aware of the problem and has released a patch which is available from their support department.

CREDITS
Discovered and reported by Delphis Consulting Internet Security Team

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish