Hello Ipswitch are you listening to this..?
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Jerry Murdock
Sent: Friday, December 08, 2000 7:57 AM
To: [EMAIL PROTECTED]
Subject: [IMail Forum] Fw: DoS by SMTP AUTH command in IPSwitch IMail
server
FYI, This was posted to BugTraq yesterday.
----- Original Message -----
From: "SAKAI Yoriyuki" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, December 06, 2000 8:41 PM
Subject: DoS by SMTP AUTH command in IPSwitch IMail server
> Dear folks,
>
> I found a kind of DoS to handle SMTP AUTH command in IPSwitch IMail
> server version 6.0.5.
> IPSwitch ships a product titled IMail, an email server for usage on NT
> servers serving SMTP, POP3, IMAP4, LDAP etc.
> It supports SMTP AUTH commands (RFC2554) and several authenticate methods
> to relay/accept e-mail.
>
> Problem Description
> -------------------
> I put passwords over 80 bytes and less than 136 bytes in BASE64 format,
> the smtp server of IMail stop to response. No new SMTP sessions are
> able to created from local and remote. In this case, the length of
> password made a problem, no value matters.
>
> Example of Issue:
> HELO myhost
> 250 hello target
> AUTH LOGIN
> 334 VXNlcm5hbWU6 (Put BASE64ed user name)
> 334 UGFzc3dvcmQ6
> (Put BASE64ed user password over 80 bytes and less than 136 bytes;
> the length of password is proximal.)
> (The connection is disconnected.)
>
> When I put over about 136 bytes for password, the server responds
> the status of "552"(command exceeds maximum length) and continue
> to work.
> If the length of password is less than 80 bytes, it works normally.
>
> Remotely Exploitable
> --------------------
> Yes
>
> Locally Exploitable
> --------------------
> Yes
>
> Tested Version of IMail
> -----------------------
> 6 Gold (Japanese; No minor version is available)
> 6.0.5 (English)
>
> Tested on
> ---------
> Windows NT 4.0 Server SP6a (Japanese/English)
> Windows 2000 Server (No SPs) (Japanese/English)
> Windows 2000 Server SP1 (Japanese/English)
>
> Status of fixes
> ---------------
> I had reported this issue at 2000/Nov/15 and discussed this
> issue. IPSwitch has not release a patch yet.
> I hope a fix program will be released as soon as possible.
>
> Status of fixes (Japanese Version)
> ---------------------------------
> I also reported this issue to Japanese distributor of IMail
> at 2000/Nov/15, but when I reported I used the evaluation version of
> IMail, they closed all responses. Their artitude is contrastive to
> IPSwitch's. I'd only wanted to exam what kind of bugs are still
> in the current version of IMail and wanted to make a short report
> to our customer.
> I wonder whether they really mean the evaluation copy is for
> the sake of evaluation and all vulnerability must be reported by
> the current customer.
>
> --
> SAKAI Yoriyuki / SNS (SecureNetService)Team / LAC Co., Ltd.
> [EMAIL PROTECTED]
> http://www.lac.co.jp/security/
>
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
