The iSMTP gateway runs only on the Banyan VINES operating system (or Banyan ST4NT). Banyan ceased development of VINES 2 years ago and has refused to provide any support for the product for well over a year. Ten years ago, when the iSMTP software was written, it was used by virtually every member of the Fortune 1000, most universities world-wide and the entire U.S. military. A buffer overflow vulnerability in the product allows remote attackers to crash it.
Credit:
The information has been provided by K. K. Mookhey.
Vulnerable systems:
* iSMTP version 5.0.1
If a client sends an overly long MAIL FROM: command, the server responds with a 'Command Unrecognized' reply and subsequently crashes. K. K. Mookhey speculates that this probably happens when the server tries to write an entry to its log file or performs some similar processing. That the server is able to return a valid reply before crashing suggests that the buffer overflow takes place at a later stage of handling the input, not while parsing the command itself. K. K. Mookhey does not yet know the exact length of the string that must follow the MAIL FROM: command to crash the software; the string used consisted of about 4000 'A's.
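The failure mode described above (a reply is sent, then the server dies while processing the argument) is what bounded handling of the MAIL FROM argument prevents. The following is an added example, not iSMTP's or Incognito's code: it rejects an over-long command line or path before anything is copied into a fixed-size buffer, and writes the audit record with a length-checked snprintf. The RFC 5321 length limits and the log line format are assumptions of the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Limits from RFC 5321: a path is at most 256 octets, a command line at
 * most 512 octets including CRLF. Example code, not iSMTP's source. */
#define MAX_PATH_LEN 256
#define MAX_LINE_LEN 512

/* Handle one "MAIL FROM:<path>" line, writing an audit record into log_buf.
 * Reply codes: 250 accepted, 500 line too long or not MAIL FROM,
 * 501 malformed or over-long path, 451 if the log record did not fit. */
int handle_mail_from(const char *line, char *log_buf, size_t log_len)
{
    const char *prefix = "MAIL FROM:";
    size_t plen = strlen(prefix);
    /* Bound the whole line before copying any of it into a fixed buffer. */
    if (strlen(line) > MAX_LINE_LEN || strncmp(line, prefix, plen) != 0)
        return 500;
    const char *arg = line + plen;
    while (*arg == ' ')
        arg++;
    size_t alen = strcspn(arg, "\r\n");
    if (alen < 2 || alen > MAX_PATH_LEN || arg[0] != '<' || arg[alen - 1] != '>')
        return 501;
    char sender[MAX_PATH_LEN + 1];
    memcpy(sender, arg, alen);
    sender[alen] = '\0';
    /* The advisory suspects iSMTP overflows while logging, after the reply.
     * snprintf is bounded and its return value reveals any truncation. */
    int n = snprintf(log_buf, log_len, "MAIL FROM accepted: %s", sender);
    return (n >= 0 && (size_t)n < log_len) ? 250 : 451;
}

/* Build a constructed "MAIL FROM:<AAA...A>" line with n_a letters, like the
 * roughly 4000-byte string in the advisory, and return the handler's reply. */
int reply_for_a_run(size_t n_a)
{
    char log_buf[320];
    char *line = malloc(n_a + 16);
    if (!line)
        return -1;
    memcpy(line, "MAIL FROM:<", 11);
    memset(line + 11, 'A', n_a);
    strcpy(line + 11 + n_a, ">\r\n");
    int code = handle_mail_from(line, log_buf, sizeof log_buf);
    free(line);
    return code;
}
```

With these checks the 4000-byte argument is answered with a 500 reply and the server keeps running, instead of reaching the logging stage where the advisory places the crash.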
Vendor Response:
The vendor has informed us that it was unable to reproduce the crash in the latest version of the software, which is available from ftp://ftp.incognito.com. Users of iSMTP should therefore verify this for themselves and upgrade if they find they are vulnerable.
Suggested Workarounds:
If you are not running the latest version of the software, K. K. Mookhey strongly urges you to upgrade. More information can be obtained from Incognito customer support.