ISMAIL (All Versions) Remote Buffer Overrun

2007.10.20
Risk: High
Local: No
Remote: Yes
CWE: N/A


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

NGSSoftware Insight Security Research Advisory

Name: ISMAIL v 1.25 & v 1.4.3 Remote Buffer Overrun
Systems Affected: WinNT, Win2K, XP
Severity: High Risk
Category: Remote Buffer Overrun
Vendor URL: http://instantservers.com/ismail.html
Author: Mark Litchfield (mark (at) ngssoftware (dot) com [email concealed])
Date: 27th February 2003
Advisory number: #NISR27022003

Vendor Description
******************
ISMail is a powerful yet easy to use mail server for Windows 95/98/ME/NT/2000 & XP. It supports complete email service for both home and office use, and runs on a dedicated or a shared machine.

Details
*******
There exists a buffer overrun vulnerability in the SMTP service offered by ISMAIL. By supplying long domain name values in either the MAIL FROM: or RCPT TO: parameters, an attacker can overwrite the saved return address on the stack. As ISMAIL runs under the LOCALSYSTEM account, any arbitrary code passed by an attacker and executed on the server will run with system privileges. If no code is supplied, ISMAIL will simply crash, leaving a file in the outgoing message folder which will immediately trigger the error again once ISMail is restarted.

Fix Information
***************
The vendor has fixed the problems as follows:

ISMail 1.4.5 (and subsequent versions) accepts domain names up to 255 characters in length. Domain names exceeding this length in the 'mail from' and 'rcpt to' commands will result in a response of:

'501 Syntax error in parameters'

Further, SMTP 'mail from' and 'rcpt to' command lines exceeding 1024 characters (including the CRLF) will result in a response of:

'500 Line too long'

The fix is available from http://instantservers.com/download/ism145.exe

Although this is a BETA release, if you are running ISMAIL version 1.4.3 or below, NGS recommend upgrading to the BETA version to protect yourself from possible attacks.

I would like to add that the vendors of ISMAIL reproduced, fixed and made a patch available within 48 hours of notification.

A check for these issues has been added to Typhon II, of which more information is available from the NGSSoftware website, http://www.ngssoftware.com.

Further Information
*******************
For further information about the scope and effects of buffer overflows, please see:

http://www.ngssoftware.com/papers/non-stack-bo-windows.pdf
http://www.ngssoftware.com/papers/ntbufferoverflow.html
http://www.ngssoftware.com/papers/bufferoverflowpaper.rtf
http://www.ngssoftware.com/papers/unicodebo.pdf
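The two limits described in the fix, written out as an added example that is not part of the advisory or of ISMail's own code: a bounds-checked C parser for the MAIL FROM / RCPT TO parameter that returns the reply codes the advisory names and copies the domain into a fixed buffer only after its length has been checked. The function names, the upper-case verb assumption and the constructed test input are mine.

```c
#include <stddef.h>
#include <string.h>

#define MAX_LINE   1024   /* limit from the fix: whole command line incl. CRLF */
#define MAX_DOMAIN 255    /* limit from the fix: domain part of the address */

/* Return the SMTP reply code a hardened server sends for one
 * "MAIL FROM:<user@domain>" / "RCPT TO:<user@domain>" line (verbs assumed
 * upper-case). The domain is copied into `domain` (size >= MAX_DOMAIN + 1)
 * only after its length has been checked, so no input can overrun it. */
int check_envelope_command(const char *line, char *domain, size_t domain_size)
{
    if (strlen(line) > MAX_LINE)
        return 500;                          /* "500 Line too long" */

    const char *path;
    if (strncmp(line, "MAIL FROM:", 10) == 0)    path = line + 10;
    else if (strncmp(line, "RCPT TO:", 8) == 0)  path = line + 8;
    else return 500;                         /* not an envelope command */

    const char *lt = strchr(path, '<');
    const char *gt = lt ? strchr(lt, '>') : NULL;
    if (!lt || !gt)
        return 501;                          /* "501 Syntax error in parameters" */
    if (gt == lt + 1 && path == line + 10) { /* MAIL FROM:<> null reverse-path */
        domain[0] = '\0';
        return 250;
    }
    const char *at = memchr(lt, '@', (size_t)(gt - lt));
    if (!at)
        return 501;
    size_t dlen = (size_t)(gt - at - 1);
    if (dlen == 0 || dlen > MAX_DOMAIN || dlen >= domain_size)
        return 501;                          /* over-long domain rejected here */
    memcpy(domain, at + 1, dlen);            /* bounded copy: dlen <= 255 */
    domain[dlen] = '\0';
    return 250;
}

/* Test helper: build "RCPT TO:<u@" + n x 'a' + ">\r\n" (constructed input,
 * not a real message) and return the reply code the parser gives it. */
int reply_for_domain_length(size_t n)
{
    static char line[2048], domain[MAX_DOMAIN + 1];
    if (n > 2000) n = 2000;
    memcpy(line, "RCPT TO:<u@", 11);
    memset(line + 11, 'a', n);
    memcpy(line + 11 + n, ">\r\n", 4);       /* includes terminating NUL */
    return check_envelope_command(line, domain, sizeof domain);
}
```

A domain of 1010 characters makes the line exactly 1024 bytes including CRLF, so it passes the line-length check and is rejected by the domain check instead; one more character trips the line-length check first.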


Copyright 2024, cxsecurity.com
