Re: [twsocket] Buffer overflow in SMTP

2007-03-17 Thread DZ-Jay

On Mar 16, 2007, at 15:51, David Colliver wrote:

> It certainly looks like email addresses. I know that 4000 bytes are unusual
> but this is how a lot of software tends to suffer from exploits like this,
> as 4000 bytes is not regularly tested for.

It's the responsibility of the application to check for buffer 
allocation, not the component.  The component is built to take what you 
give it.

dZ.

-- 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] Buffer overflow in SMTP

2007-03-17 Thread Arno Garrels
Arno Garrels wrote:
> David Colliver wrote:
>> It however does look like it is my side.
> 
> Check your code in OnDataAvailable events.
> A connection should be dropped (may be with an error response)
> if a client attempts to send lines longer than the receive buffer
> size or longer than the maximum allowed line length specified in the
> SMTP which is 1024 bytes.

If you use LineMode TWSocket provides a built-in check since 2000, see
property LineLimit as well as event OnLineLimitExceeded.

--
Arno Garrels [TeamICS]
http://www.overbyte.be/eng/overbyte/teamics.html




Re: [twsocket] Buffer overflow in SMTP

2007-03-17 Thread Arno Garrels
David Colliver wrote:
> It however does look like it is my side.

Check your code in OnDataAvailable events.
A connection should be dropped (may be with an error response)
if a client attempts to send lines longer than the receive buffer size or
longer than the maximum allowed line length specified in the SMTP
which is 1024 bytes.

--
Arno Garrels [TeamICS]
http://www.overbyte.be/eng/overbyte/teamics.html




Re: [twsocket] Buffer overflow in SMTP

2007-03-16 Thread Piotr Dałek
David Colliver wrote:
> I just happened to come across the vulnerability as someone has reported it 
> on many security websites. They have described it as this and have test 
> code, but the code they use to test is not something I understand. I know of 
> vulnerabilities, but as I am more a web developer than a windows developer, 
> my security experience on windows is limited.
> It certainly looks like email addresses. I know that 4000 bytes are unusual 
> but this is how a lot of software tends to suffer from exploits like this, 
> as 4000 bytes is not regularly tested for.

It's not just "not regularly tested for", but in most cases - "wrongly 
designed". That's right.

> I am going through my code. It may be where I am saving email address to the 
> database... I have a field length of 100. I am going through all the code 
> looking for where the commandtail (the second part of the email command) is 
> saved and using Copy(commandtail, 1, 100) to ensure its length is less than 
> the field length.

Use
if length(commandtail)>100 then
setlength(commandtail, 100);

-- faster and does the same thing.

And by the way, although I've seen some DB drivers that fail on specific 
kinds of data error (like overlong field values), some "100% CPU 
usage" errors come from enormous amounts of memory reallocation (like 
writing 160MB file to TMemoryStream in 4096-byte chunks). You can see 
this by checking whether your program's "page faults" count skyrockets 
(like, say, 1 or more per second). Anyway - you have your code, you 
have debugger, you have exploit, you have to find out what's wrong.

> I do know what year it is :-P.

:)

> I know it is old, but I did say in my 
> original email that I have not really had the opportunity to work with ICS 
> or Delphi for a few years. It is just as I have found this vulnerability, 
> that I have re-installed everything to find out what is happening. It took 
> me a while to work out how to install the ICS package in the IDE. 
> Downloading latest ICS, attempting to install it, uninstall if it doesn't 
> work, re-install old version etc. etc. find that my laptop has said "i've 
> had enough..."

Do something like this: having installed one version of ICS, DO NOT 
uninstall it. Instead, close Delphi, backup the directory where ICS is 
stored, delete all .dcu files made during ICS installation (and .exe 
file generation, if applicable), extract another version to the ICS 
directory, run delphi and then recompile your program (NOT ICS PACKAGE) 
and check it. This method will fail if there are changes to published 
declarations (and you have dropped any ICS components on any form), but 
if not, this is the quick and easy way to go. After all, you can restore 
original ICS version from backup and, if it's the solution, reinstall 
new version properly.

> I was asking about potential problems with ICS that I may come up with.  Not
> having used it, or delphi for a while, I was looking for tips to watch out 
> for. It wasn't meant to come across as a "will you test it for me". It was
> more a sort of "if there are problems that are known, can you let me know as 
> that could be the deciding factor as to whether I upgrade my ICS (as my 
> current version appears to work, except for this problem that I am 
> experiencing), as I may not have the knowledge to fix any issues that come 
> up."

As I said before - just upgrade and see it for yourself. If there are 
any (known) vulnerabilities - someone will try to fix it ASAP, so 
staying with current version is the way to go. Some changes required 
breaking backward compatibility (what's unacceptable for some, no matter 
what profit it would give), some not - if you're upgrading from 2002 
version, it's more than just "possible" that something won't work, so 
first try to find where whole thing loops and try to find out why. It 
may be not because of ICS.

-- 
.oooO  /~) (~\  Oooo.  "Programowanie to   |Piotr Dałek
(   ) / (   ) \ (   ) *najprzyjemniejsza*  |   [EMAIL PROTECTED]
  \ ( (   ) (   ) ) /   rzecz, jaką można   |   http://www.hcm.prv.pl/
   \_)'oooO Oooo'(_/ robić w ubraniu"   |


Re: [twsocket] Buffer overflow in SMTP

2007-03-16 Thread David Colliver
Hi,

I will look for these, but when I wrote the mailserver, I was confident at 
programming but little experience of Delphi or ICS, so I don't think I will 
actually have written code like that. However, I will definitely have a look. 
Thanks for your help.

Arno,
Yes, only SMTP and POP clients are with ICS. I had to "roll my own" sort 
of... from TWSocket. It wasn't difficult once I understood the concept, but 
I was wondering if since I wrote my mailserver, that any exploits as I 
mentioned it had been discovered. The idea being to guide me which side of 
the software to look at and also to bring to the surface if there was a 
problem with ICS.

It however does look like it is my side.

Francois, whilst I was writing this, I got your response... I am now looking 
at it.

Sorry for disturbing you all and thanks again for the help.

Best regards,
Dave Colliver.
http://www.AshfieldFOCUS.com
~~
http://www.FOCUSPortals.com - Local franchises available

Re: [twsocket] Buffer overflow in SMTP

2007-03-16 Thread Francois PIETTE
> Try this
> http://secunia.com/advisories/22559/
> This one has more information, including code to exploit it.
> http://www.securityfocus.com/bid/20709

Both are not vulnerabilities in ICS but in an application using ICS. The 
vulnerability is in the way the application handles data received from the 
component.

--
[EMAIL PROTECTED]
The author for the freeware multi-tier middleware MidWare
The author of the freeware Internet Component Suite (ICS)
http://www.overbyte.be



Re: [twsocket] Buffer overflow in SMTP

2007-03-16 Thread Piotr Dałek
David Colliver wrote:
> Try this
> http://secunia.com/advisories/22559/
> 
> There are two mentions of it. This one for SMTP, the other for the POP3.
> 
> The software I developed was a mailserver. 

Now that's a whole different thing! I don't remember that ICS has/had 
any SMTP/POP3 _server_ components, so you're forced to find a bug on 
your own.

> It has client components and 
> server components to handle both sides... One to receive SMTP, the other to 
> send SMTP, one to receive POP3, the other to send POP3.
> 
> It is the server side that is being exploited.
> 
> This one has more information, including code to exploit it.
> http://www.securityfocus.com/bid/20709
> 
> I am just about to upload a probable fix to my initial server.

It seems to be an easy one. Just check whether you use some kind of stack 
buffer, like this:

var
  buffer: array[1..4096] of char;

or something like

var
  buffer: string;
[..]
SetLength(buffer, 4096);

and then you use

move([source], buffer[1], [any length]);

without checking whether [any length]<=4096 or not.
Yes, such mistakes are then taken as a whole great buffer overflows and 
extremely critical "system access" and/or "DoS" security vulnerabilities. ;)

Good luck!

-- 
.oooO  /~) (~\  Oooo.  "Programowanie to   |Piotr Dałek
(   ) / (   ) \ (   ) *najprzyjemniejsza*  |   [EMAIL PROTECTED]
  \ ( (   ) (   ) ) /   rzecz, jaką można   |   http://www.hcm.prv.pl/
   \_)'oooO Oooo'(_/ robić w ubraniu"   |
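
The unchecked `move` described in this message, rewritten with the length check and combined with the drop-on-overlong-line rule given elsewhere in the thread; this is an added example, not code from any poster or from ICS. `TLineBuffer`, `Append`, `EmitLine`, `Feed`, `Demo` and `MaxLineLen` are hypothetical names, the input strings are constructed, and counting the CRLF inside the 1024-byte limit is an assumption.

```pascal
program BoundedSmtpLine;
{$IFDEF FPC}{$MODE DELPHI}{$ENDIF}
{$APPTYPE CONSOLE}

const
  // 1024 is the limit quoted in the thread; counting CRLF in it is an assumption.
  MaxLineLen = 1024;

type
  TLineArray = array of AnsiString;

  // Hypothetical helper for this example; not an ICS class.
  TLineBuffer = class
  private
    FBuf: array[0..MaxLineLen - 1] of AnsiChar;  // fixed-size, like array[1..4096]
    FUsed: Integer;                              // bytes of FBuf currently in use
    function Append(Data: PAnsiChar; Len: Integer): Boolean;
    procedure EmitLine(var Lines: TLineArray);
  public
    function Feed(Data: PAnsiChar; Len: Integer; var Lines: TLineArray): Boolean;
  end;

// The unsafe form is a bare Move(Data^, FBuf[FUsed], Len). Here the length is
// checked against the space left before any byte is copied.
function TLineBuffer.Append(Data: PAnsiChar; Len: Integer): Boolean;
begin
  // Written as a subtraction so FUsed + Len can never overflow Integer.
  Result := (Len >= 0) and (Len <= MaxLineLen - FUsed);
  if Result and (Len > 0) then
  begin
    Move(Data^, FBuf[FUsed], Len);
    Inc(FUsed, Len);
  end;
end;

// Copies the buffered line without its CRLF (or bare LF) and resets the buffer.
procedure TLineBuffer.EmitLine(var Lines: TLineArray);
var
  L, N: Integer;
begin
  L := FUsed - 1;                                   // drop the LF
  if (L > 0) and (FBuf[L - 1] = #13) then Dec(L);   // drop the CR, if any
  N := Length(Lines);
  SetLength(Lines, N + 1);
  SetString(Lines[N], PAnsiChar(@FBuf[0]), L);
  FUsed := 0;
end;

// Feeds one received chunk. Returns False as soon as a line would exceed
// MaxLineLen; the caller should then close the connection.
function TLineBuffer.Feed(Data: PAnsiChar; Len: Integer; var Lines: TLineArray): Boolean;
var
  I, Start: Integer;
begin
  Result := False;
  Start := 0;
  for I := 0 to Len - 1 do
    if Data[I] = #10 then
    begin
      if not Append(Data + Start, I - Start + 1) then Exit;
      EmitLine(Lines);
      Start := I + 1;
    end;
  Result := Append(Data + Start, Len - Start);      // unterminated remainder
end;

// Feeds one constructed chunk and reports what a server would do with it.
procedure Demo(Buf: TLineBuffer; const Chunk: AnsiString);
var
  Lines: TLineArray;
  I: Integer;
begin
  if Buf.Feed(PAnsiChar(Chunk), Length(Chunk), Lines) then
    for I := 0 to High(Lines) do
      Writeln('line: ', Lines[I])
  else
    Writeln('line limit exceeded in a ', Length(Chunk), '-byte chunk: drop connection');
end;

var
  Buf: TLineBuffer;
begin
  Buf := TLineBuffer.Create;
  try
    // Constructed input: one command split across two reads, then a second command.
    Demo(Buf, 'RCPT TO:<user@exam');
    Demo(Buf, 'ple.test>'#13#10'QUIT'#13#10);
    // Constructed input: a 4000-byte argument, the size mentioned in the thread.
    Demo(Buf, 'RCPT TO:<' + AnsiString(StringOfChar('A', 4000)) + '>'#13#10);
  finally
    Buf.Free;
  end;
end.
```

Code that uses TWSocket's LineMode can rely on the LineLimit property and OnLineLimitExceeded event mentioned in the thread instead of assembling lines itself.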


Re: [twsocket] Buffer overflow in SMTP

2007-03-16 Thread Arno Garrels
David Colliver wrote:
> Try this
> http://secunia.com/advisories/22559/
> 
> There are two mentions of it. This one for SMTP, the other for the
> POP3.

Only, there's neither a SMTP nor a POP3 server shipped with ICS.
You probably need to rework your code.

--
Arno Garrels [TeamICS]
http://www.overbyte.be/eng/overbyte/teamics.html




Re: [twsocket] Buffer overflow in SMTP

2007-03-16 Thread David Colliver
Try this
http://secunia.com/advisories/22559/

There are two mentions of it. This one for SMTP, the other for the POP3.

The software I developed was a mailserver. It has client components and 
server components to handle both sides... One to receive SMTP, the other to 
send SMTP, one to receive POP3, the other to send POP3.

It is the server side that is being exploited.

This one has more information, including code to exploit it.
http://www.securityfocus.com/bid/20709

I am just about to upload a probable fix to my initial server.

Best regards,
Dave Colliver.
http://www.AshfieldFOCUS.com
~~
http://www.FOCUSPortals.com - Local franchises available


Re: [twsocket] Buffer overflow in SMTP

2007-03-16 Thread Arno Garrels
David Colliver wrote:
> Hi Piotr,
> 
> I just happened to come across the vulnerability as someone has
> reported it on many security websites. 

Any links?

BTW: You talked about client components (SMTP or POP3?), targets
of buffer overflow-attacks usually are servers, otherwise the server was
the attacker.

--
Arno Garrels [TeamICS]
http://www.overbyte.be/eng/overbyte/teamics.html


 




Re: [twsocket] Buffer overflow in SMTP

2007-03-16 Thread David Colliver
Hi Piotr,

I just happened to come across the vulnerability as someone has reported it 
on many security websites. They have described it as this and have test 
code, but the code they use to test is not something I understand. I know of 
vulnerabilities, but as I am more a web developer than a windows developer, 
my security experience on windows is limited.

It certainly looks like email addresses. I know that 4000 bytes are unusual 
but this is how a lot of software tends to suffer from exploits like this, 
as 4000 bytes is not regularly tested for.

I am going through my code. It may be where I am saving email address to the 
database... I have a field length of 100. I am going through all the code 
looking for where the commandtail (the second part of the email command) is 
saved and using Copy(commandtail, 1, 100) to ensure its length is less than 
the field length.

I do know what year it is :-P. I know it is old, but I did say in my 
original email that I have not really had the opportunity to work with ICS 
or Delphi for a few years. It is just as I have found this vulnerability, 
that I have re-installed everything to find out what is happening. It took 
me a while to work out how to install the ICS package in the IDE. 
Downloading latest ICS, attempting to install it, uninstall if it doesn't 
work, re-install old version etc. etc. find that my laptop has said "i've 
had enough..."

I was asking about potential problems with ICS that I may come up with. Not 
having used it, or delphi for a while, I was looking for tips to watch out 
for. It wasn't meant to come across as a "will you test it for me". It was 
more a sort of "if there are problems that are known, can you let me know as 
that could be the deciding factor as to whether I upgrade my ICS (as my 
current version appears to work, except for this problem that I am 
experiencing), as I may not have the knowledge to fix any issues that come 
up."

Thanks.

Best regards,
Dave Colliver.
http://www.AshfieldFOCUS.com
~~
http://www.FOCUSPortals.com - Local franchises available

Re: [twsocket] Buffer overflow in SMTP

2007-03-16 Thread Piotr Dałek
David Colliver wrote:
> Hi,
> 
> I am using a fairly old version of ICS from 2002, with Delphi 5. I have not 
> done much programming in Delphi since then, but I have become aware of a 
> buffer overflow in the SMTP part of my application. At this moment, I don't 
> know if it is ICS or my app that is causing it.

We don't know either. BTW: we're in 2007, so your version is "a bit" old 
  ;-)

> In the USER or RCPT TO: (I think USER is POP3, not SMTP...) if more than 4000 
> bytes are sent, then it apparently causes 100% cpu, DoS and will allow an 
> attacker to run commands.

Seems like you're "overscared" by all those today's vulnerabilities, 
buffer overflow does not necessarily allow attacker to perform code 
injection - and by the way, why do you suppose that it's the "buffer 
overflow", not other kind of vulnerability, like infinite loop? Why do 
you suppose it's a vulnerability? It's a bug, no question, but saying 
about vulnerability is like saying that you'll die of headache (just 
because it's pain).
About your case: who would like to have/use 4kb-sized email address?! If 
you can't limit that in your software, check whether component does. If 
you mean a group of recipients that take more than 4000 bytes, it may be 
a bug in ICS, so you should upgrade your components.
Anyway, it's a good idea to use debugger. When you're at 100% cpu, just 
use debugger's "pause" feature and then "step over" or "trace into", to 
have a look where and why you're looping.

> As I haven't done anything with ICS or Delphi for a while, I am not sure 
> where to look.
> 
> Also, if I download the latest ICS, will there be anything that is likely to 
> cause me programming difficulties? Will any buffer overflow vulnerabilities 
> been fixed?

Make a copy of your ICS, install new, and check it on your own. Is that 
so difficult? Don't expect us to do your homework. We have ours.

-- 
.oooO  /~) (~\  Oooo.  "Programowanie to   |Piotr Dałek
(   ) / (   ) \ (   ) *najprzyjemniejsza*  |   [EMAIL PROTECTED]
  \ ( (   ) (   ) ) /   rzecz, jaką można   |   http://www.hcm.prv.pl/
   \_)'oooO Oooo'(_/ robić w ubraniu"   |

--
Jestes kierowca? To poczytaj! >>> http://link.interia.pl/f199e

-- 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Re: [twsocket] Buffer overflow in SMTP

2007-03-16 Thread Francois PIETTE
> Also, if I download the latest ICS, will there be anything that is likely
> to cause me programming difficulties?

The latest ICS-V5 should probably work immediately with your old Delphi 5. 
If not, only minor issues could pop up. Feel free to report any problem 
here. Don't forget to include the exact error message you may get.

> Will any buffer overflow vulnerabilities been fixed?

There is no known vulnerability in ICS code.

--
Contribute to the SSL Effort. Visit http://www.overbyte.be/eng/ssl.html
--
[EMAIL PROTECTED]
http://www.overbyte.be



- Original Message - 
From: "David Colliver" <[EMAIL PROTECTED]>
To: 
Sent: Friday, March 16, 2007 7:28 PM
Subject: [twsocket] Buffer overflow in SMTP


> Hi,
>
> I am using a fairly old version of ICS from 2002, with Delphi 5. I have 
> not done much programming in Delphi since then, but I have become aware of 
> a buffer overflow in the SMTP part of my application. At this moment, I 
> don't know if it is ICS or my app that is causing it.
>
> In the USER or RCPT TO: (I think USER is POP3, not SMTP...) if more than 
> 4000 bytes are sent, then it apparently causes 100% cpu, DoS and will 
> allow an attacker to run commands.
>
> As I haven't done anything with ICS or Delphi for a while, I am not sure 
> where to look.
>
> Also, if I download the latest ICS, will there be anything that is likely 
> to cause me programming difficulties? Will any buffer overflow 
> vulnerabilities been fixed?
>
> Thanks.
>
> Best regards,
> Dave Colliver.
> http://www.AshfieldFOCUS.com
> ~~
> http://www.FOCUSPortals.com - Local franchises available