A denial of service attack has been discovered in Eserv 2.92 when running under Windows 2000 (SP1) and Windows NT 4.0 (SP5). It is possible for a remote attacker to cause Eserv to consume 99% of CPU resources then eventually crash.
A malicious attacker could Telnet to port 25, the listening port for Eserv SMTP server and send 8.4K of data after the HELO and MAIL FROM: SMTP commands. For example;
(A x 8.4K)
This will cause CPU utilization to reach 99% and the EServ service will eventually crash.
According to Delphis Consulting, there has been no vendor response or solution provided to this problem. Windows IT Security has also attempted to contact the vendor and will post the response here.