Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Buffer Overflow in iSMTP Gateway

Buffer Overflow in iSMTP Gateway

by Nikola Strahija on November 11th, 2002 Network Intelligence India Pvt. Ltd. http://www.nii.co.in


Background:
==========
iSMTP Gateway is a Mail Gateway software from Incognito Systems. I quote
directly from the vendor's email:
"The iSMTP gateway runs only on the Banyan VINES operating system (or Banyan
ST4NT). Banyan ceased any further development on VINES 2 years ago and has
refused to provide any support on the product for well over a year. Ten
years ago when the iSMTP software was written it was used by virtually every
member of the Fortune 1000, most Universities world-wide and the entire U.S.
military. "


Description:
=========
If a user sends an overly long MAIL FROM: command, the server responds with
a 'Command Unrecognised' response and subsequently crashes. We speculate
that this probably happens when the system tries to make an entry into the
log file or something else of that nature. That the system is able to give a
valid response before crashing implies that the buffer overflow probably
takes place at some later stage of processing the input.
We do not yet know the exact length of the string that needs to follow the
MAIL FROM: command in order to crash the software. We used a string which
consisted of about 4000 'A's
We tested this on version 5.0.1 of the iSMTP software.


Vendor Response:
=============
The vendor notifies us that they have been unable to replicate the error
in the latest version of the software, which is available from
ftp://ftp.incognito.com
We urge any users of iSMTP to verify this for themselves.


Suggested Workarounds:
==================
In case, you are not using the latest version of the software, we strongly
urge you to upgrade immediately. More information on this can be obtained
from customer support at Incognito.


Note:
====
We term the severity as Medium-High because the vendor certifies that most
of the installations are pretty critical. This included the one we did the
testing on. But taking into account the fact this software is far from being
as popular as the other common Mail Servers, any potential exploit would not
have very far reaching consequences.

This advisory is available online at http://www.nii.co.in/vuln/ismtp.html

Sincerely,

K. K. Mookhey
CTO,
Network Intelligence India Pvt. Ltd.
Tel: 91-22-2001530, 2006019
Email: [email protected]
Web: www.nii.co.in


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »