[15517] in bugtraq
DoS in FirstClass Internet Services 5.770
daemon@ATHENA.MIT.EDU (Adam Prime)
Wed Jun 28 15:57:55 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Message-ID: <4.3.2.7.2.20000627222545.00b06c80@mailbox80.utcc.utoronto.ca>
Date: Tue, 27 Jun 2000 22:35:21 -0400
Reply-To: Adam Prime <adam.prime@UTORONTO.CA>
From: Adam Prime <adam.prime@UTORONTO.CA>
To: BUGTRAQ@SECURITYFOCUS.COM
We got a bizarre malformed mail from some dot com that hasn't learned about
BCC yet with a 1.4 meg To: Header. The mail was handled fine by
Software.com's Post.Office, but when Post.Office tried to pass the mail to
our FirstClass server, the First Class Internet Services process would
hang. I wrote a perl script to send other emails with gigantic headers,
but i was unable to reproduce the problem with just large headers (though
it did bring the system to a crawl, and eventually cause strange things to
happen). The original email put's the Internet Services process into "Not
responding" after only 30 seconds or so.
a demonstration perl script which will crash FCIS Internet Services is
available at http://doot.dyndns.org/fcdos.tar.gz . Though be warned, it is
100 k or so because it contains a sanitized version of the original email
that we received (addresses obfuscated). Emails to the vendor were not
returned or acknowledged.
Adam
