Intel InBusiness eMail Station Denial of Service Vulnerability
BID:1844
Info
Intel InBusiness eMail Station Denial of Service Vulnerability
| Bugtraq ID: | 1844 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Oct 20 2000 12:00AM |
| Updated: | Oct 20 2000 12:00AM |
| Credit: | This vulnerability was reported to bugtraq by Knud Erik Højgaard <[email protected]> on Fri, 20 Oct 2000. |
| Vulnerable: |
Intel Corporation InBusiness eMail Station 1.4.87 |
| Not Vulnerable: | |
Discussion
Intel InBusiness eMail Station Denial of Service Vulnerability
A buffer overflow exists in the Intel InBusiness eMail Station, a dedicated email device. When attempting to establish a connection, the username submitted to the device is not properly filtered for length. By supplying a string for USER of approximately 620 characters in length, it is possible for a remote attacker to overflow the relevant buffer. The device will halt in response, requiring the unit to be powered down and restarted. In addition to this denial of service, an attacker sufficiently familiar with the hardware architecture and firmware of this platform may, potentially, be able to exploit this overflow to place malicious machine code on the stack, permitting interference with or modification of the device's software, interception of messages, or another compromise of the unit's normal function.
A buffer overflow exists in the Intel InBusiness eMail Station, a dedicated email device. When attempting to establish a connection, the username submitted to the device is not properly filtered for length. By supplying a string for USER of approximately 620 characters in length, it is possible for a remote attacker to overflow the relevant buffer. The device will halt in response, requiring the unit to be powered down and restarted. In addition to this denial of service, an attacker sufficiently familiar with the hardware architecture and firmware of this platform may, potentially, be able to exploit this overflow to place malicious machine code on the stack, permitting interference with or modification of the device's software, interception of messages, or another compromise of the unit's normal function.
Exploit / POC
Intel InBusiness eMail Station Denial of Service Vulnerability
Excerpted from the original bugtraq post by Knud Erik Højgaard <[email protected]>:
---
example :
[foo@bar]$ telnet mailstation 110
Trying mailstation...
Connected to mailstation.
Escape character is '^]'.
+OK Pop server at mailstation starting. <2831812.972049732@mail>
user [buffer]
where [buffer] is appx. 620 chars of your own choice.(tried A and %, expect
all to work)
Symptoms: The box(a nice little piece of hardware with built-in harddrive
and all) will stop responding, and needs a power cycle to restore function.
Excerpted from the original bugtraq post by Knud Erik Højgaard <[email protected]>:
---
example :
[foo@bar]$ telnet mailstation 110
Trying mailstation...
Connected to mailstation.
Escape character is '^]'.
+OK Pop server at mailstation starting. <2831812.972049732@mail>
user [buffer]
where [buffer] is appx. 620 chars of your own choice.(tried A and %, expect
all to work)
Symptoms: The box(a nice little piece of hardware with built-in harddrive
and all) will stop responding, and needs a power cycle to restore function.
Solution / Fix
Intel InBusiness eMail Station Denial of Service Vulnerability
Solution:
Currently the SecurityFocus staff are not ware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not ware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Intel InBusiness eMail Station Denial of Service Vulnerability
References:
References: