Info

Disclosure

Apr 08, 1998

Discovery

Unknown

Dates

Exploit

Apr 08, 1998

Solution

Unknown

Description

A remote overflow exists in the Microsoft Exchange Mail Transfer Agent (MTA). The 'HELO' command fails to perform proper bounds checking resulting in a buffer overflow. With an overly long request to the command, a remote attacker can cause the SMTP service to crash resulting in a loss of availability.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Public

Solution

Contact your vendor for an appropriate upgrade. An upgrade is required as there are no known workarounds.

Products

Apple Inc.

AppleShare IP Mail Server

5.0.3

Ipswitch, Inc.

IMail Server

5.0

Microsoft Corporation	Exchange Server	4.0
		5.0
		5.0 SP1

Seattle Lab	SLMail	2.6
		3.1

Stalker

Internet Mail Server

1.6

References

CVE ID: 1999-0284 (see also: NVD)
Bugtraq ID: 8555 8621
ISS X-Force ID: 886
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1998_2/0039.html
http://archives.neohapsis.com/archives/bugtraq/1998_2/0040.html
http://archives.neohapsis.com/archives/bugtraq/1998_2/0046.html
Other Advisory URL: http://research.eeye.com/html/advisories/published/AD19990204.html
http://www.eeye.com/html/Research/Advisories/AD19990204.html [ Link is 404 ]
Vendor URL: http://www.microsoft.com/

Credit

Chris Wedgwood - chriscybernet.co.nz -

Direct URL: http://osvdb.org/5855

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Apple Inc.

AppleShare IP Mail Server

Ipswitch, Inc.

IMail Server

Microsoft Corporation

Exchange Server

Seattle Lab

SLMail

Stalker

Internet Mail Server

References

Credit