iSMTP Gateway Buffer Overflow Vulnerability

Vendor: Incognito Systems
Version Affected: 5.1.0
Type: Buffer Overflow
Severity: Medium-High
Date released: 11th November 2002

Background

iSMTP Gateway is mail gateway software from Incognito Systems. From the vendor's email: "The iSMTP gateway runs only on the Banyan VINES operating system (or Banyan ST4NT). Banyan ceased any further development on VINES 2 years ago and has refused to provide any support on the product for well over a year. Ten years ago when the iSMTP software was written it was used by virtually every member of the Fortune 1000, most Universities world-wide and the entire U.S. military."

I. Description

If a user sends an overly long MAIL FROM: command, the server responds with a 'Command Unrecognised' response and subsequently crashes. We speculate that this probably happens when the system tries to make an entry into the log file or something else of that nature. That the system is able to give a valid response before crashing implies that the buffer overflow probably takes place at some later stage of processing the input. We do not yet know the exact length of the string that needs to follow the MAIL FROM: command in order to crash the software. We used a string which consisted of about 4000 'A's. We tested this on version 5.0.1 of the iSMTP software.
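As an added example (not code from this advisory or from Incognito Systems), the following C sketch shows the kind of bounded MAIL FROM: check an SMTP front end can apply before a received line reaches any fixed-size buffer, using the RFC 5321 size limits. The function names and the sample input are constructed for illustration; the advisory does not identify where in iSMTP the overflow occurs.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define SMTP_LINE_MAX 512 /* RFC 5321 4.5.3.1.4: command line incl. CRLF */
#define SMTP_PATH_MAX 256 /* RFC 5321 4.5.3.1.3: path incl. "<" and ">" */

/* Validate one received line; returns the SMTP reply code. On 250 the
 * reverse-path is copied, NUL-terminated, into path (path_sz bytes). */
int check_mail_from(const char *line, size_t len, char *path, size_t path_sz)
{
    static const char verb[] = "MAIL FROM:";
    const size_t vlen = sizeof verb - 1;

    if (len > SMTP_LINE_MAX) return 500; /* length checked before any copy */
    if (len < vlen + 2 || memcmp(line + len - 2, "\r\n", 2) != 0) return 500;
    for (size_t i = 0; i < vlen; i++) /* SMTP verbs are case-insensitive */
        if (toupper((unsigned char)line[i]) != verb[i]) return 500;

    const char *p = line + vlen;
    size_t plen = len - 2 - vlen;
    const char *sp = memchr(p, ' ', plen); /* ESMTP parameters follow a space */
    if (sp) plen = (size_t)(sp - p);
    if (plen < 2 || p[0] != '<' || p[plen - 1] != '>') return 501;
    if (plen > SMTP_PATH_MAX || plen >= path_sz) return 501;
    memcpy(path, p, plen);
    path[plen] = '\0';
    return 250;
}

/* Constructed sample: "MAIL FROM:" + n filler bytes + CRLF; returns the reply. */
int reply_for_fill(size_t n)
{
    static char line[8192];
    char path[SMTP_PATH_MAX + 1];
    if (n + 12 > sizeof line) return -1;
    memcpy(line, "MAIL FROM:", 10);
    memset(line + 10, 'A', n);
    memcpy(line + 10 + n, "\r\n", 2);
    return check_mail_from(line, n + 12, path, sizeof path);
}

int main(void)
{
    printf("4000-byte argument -> %d\n", reply_for_fill(4000));
    return 0;
}
```

With this check in place, a 4000-byte argument is refused with a 500 reply on length alone, and an over-long but otherwise well-formed reverse-path is refused with 501, so neither is ever copied into a fixed-size buffer.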

II. Vendor Response

The vendor notifies us that they have been unable to replicate the error in the latest version of the software, which is available from ftp://ftp.incognito.com.