[12383] in bugtraq
Re: Netscape Messaging Server RCPT TO vul.
daemon@ATHENA.MIT.EDU (Nobuo Miwa)
Fri Oct 29 14:46:12 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <199910291417.EID96275.BO-XNJ@lac.co.jp>
Date: Fri, 29 Oct 1999 14:17:52 -0400
Reply-To: Nobuo Miwa <n-miwa@LAC.CO.JP>
From: Nobuo Miwa <n-miwa@LAC.CO.JP>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.05.9910291840500.3354-100000@mailhost.manawatu.net.nz>
Thank you for good information.
But, Netscape Messaging Server(NMS) cannot filter following
patterns..
rcpt to: postmaster@somewhere.dom <-- correct address
rcpt to: postmaster@somewhere.dom
...
unlimited times
...
I guess NMS allocate all RCPT TO in NT's memory by malloc() and
somehow they never free them. That's the problem.
AND you cannot see any log after this attack.
Ciao
<Nobuo Miwa> n-miwa@lac.co.jp ( @ @ ) http://www.lac.co.jp/security/
--------------------------o00o--(. .)--o00o--------------------------
