[7241] in bugtraq
Seattle Lab fixes security issue in SLmail
daemon@ATHENA.MIT.EDU (Aleph One)
Mon Jul 13 15:00:00 1998
Date: Sun, 12 Jul 1998 12:36:14 -0500
Reply-To: Aleph One <aleph1@DFW.NET>
From: Aleph One <aleph1@DFW.NET>
To: BUGTRAQ@NETSPACE.ORG
[ Denial of service? There is nothing like PR damage control. - a1 ]
---------- Forwarded message ----------
Date: Fri, 10 Jul 1998 22:54:07 GMT
From: Lee Thompson <lt@seattlelab.com>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: Seattle Lab fixes security issue in SLmail
-- Beta release corrects denial of service problem --
BOTHELL, WA, July 10, 1998 -- Recently a security problem was discovered =
with the release
versions of both SLmail 3.0 for Windows NT and SLmail 2.6 for Windows 95.=
=20
Specifically, the problem is a denial of service attack, which is usually=
initiated from
outside the mail server site. If the MAIL FROM: line in the SMTP =
envelope exceeds 256
characters, it causes a critical error in SLmail's router and causes the =
SLmail.exe
service to shut down.
"Security is an extremely important priority to us at Seattle Lab," said =
President L.A.
Heberlein. "As soon as we were notified yesterday, we focused intensely=
on correcting
the problem, and we achieved a fix within twenty-four hours of first =
hearing about it."
The fix was incorporated in beta versions of SLmail 3.1 and SLmail 2.7. =
Customers who
would like to receive the beta versions should contact =
betaadmin@seattlelab.com. Please
put the product serial number in the subject line. We will post the =
release versions of
these programs to our download site as soon as testing is completed.
_
Lee Thompson lt@seattlelab.com
Seattle Lab Inc. http://www.seattlelab.com
Product Manager
