Jack De Winter WinSMTP Buffer Overflow Vulnerability

Bugtraq ID:	1680
Class:	Boundary Condition Error
CVE:	CVE-2000-0833
Remote:	Yes
Local:	Yes
Published:	Sep 11 2000 12:00AM
Updated:	Jul 11 2009 02:56AM
Credit:	Discovered by Dethy <[email protected]> and posted to Bugtraq on September 11, 2000 by Guido Bakker <[email protected]>.
Vulnerable:	Jack De Winter WinSMTP 2.0 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 Jack De Winter WinSMTP 1.6 f - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0
Not Vulnerable:

Jack De Winter WinSMTP Buffer Overflow Vulnerability

A number of unchecked buffers exist in the SMTP and POP3 components of Jack De Winter's WinSMTP mail daemon which could lead to denial of service attacks or arbitrary code execution, depending on the data entered.

Sending a HELO command consisting of approximately 170 bytes or a USER command consisting of approximately 370 bytes will result in a Windows general protection fault error.

Jack De Winter WinSMTP Buffer Overflow Vulnerability

Dethy <[email protected]> has released the following exploit:

• /data/vulnerabilities/exploits/winsmtpdos.pl

Jack De Winter WinSMTP Buffer Overflow Vulnerability

Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

Jack De Winter WinSMTP Buffer Overflow Vulnerability

References:

• WinSMTPD remote exploit/DoS problem (Dethy)