Hi Piotr,

I just happened to come across the vulnerability as someone has reported it on many security websites. They have described it as this and have test code, but the code they use to test is not something I understand. I know of vulnerabilities, but as I am more a web developer than a Windows developer, my security experience on Windows is limited.

It certainly looks like email addresses. I know that 4000 bytes are unusual but this is how a lot of software tends to suffer from exploits like this, as 4000 bytes is not regularly tested for.

I am going through my code. It may be where I am saving email address to the database... I have a field length of 100. I am going through all the code looking for where the commandtail (the second part of the email command) is saved and using Copy(commandtail, 1, 100) to ensure its length is less than the field length.

I do know what year it is :-P. I know it is old, but I did say in my original email that I have not really had the opportunity to work with ICS or Delphi for a few years. It is just as I have found this vulnerability, that I have re-installed everything to find out what is happening. It took me a while to work out how to install the ICS package in the IDE. Downloading latest ICS, attempting to install it, uninstall if it doesn't work, re-install old version etc. etc. find that my laptop has said "I've had enough..."

I was asking about potential problems with ICS that I may come up with. Not having used it, or Delphi, for a while, I was looking for tips to watch out for. It wasn't meant to come across as a "will you test it for me". It was more a sort of "if there are problems that are known, can you let me know as that could be the deciding factor as to whether I upgrade my ICS (as my current version appears to work, except for this problem that I am experiencing), as I may not have the knowledge to fix any issues that come up."

Thanks.

Best regards,
Dave Colliver.
http://www.AshfieldFOCUS.com
~~
http://www.FOCUSPortals.com - Local franchises available

----- Original Message -----
From: "Piotr Dałek" <[EMAIL PROTECTED]>
To: "ICS support mailing" <firstname.lastname@example.org>
Sent: Friday, March 16, 2007 6:52 PM
Subject: Re: [twsocket] Buffer overflow in SMTP

> David Colliver wrote:
>> Hi,
>>
>> I am using a fairly old version of ICS from 2002, with Delphi 5. I have
>> not done much programming in Delphi since then, but I have become aware
>> of a buffer overflow in the SMTP part of my application. At this moment,
>> I don't know if it is ICS or my app that is causing it.
>
> We don't know either. BTW: we're in 2007, so your version is "a bit" old
> ;-)
>
>> In the USER or RCPT TO: (I think USER is POP3, not SMTP...) if more than
>> 4000 bytes are sent, then it apparently causes 100% cpu, DoS and will
>> allow an attacker to run commands.
>
> Seems like you're "overscared" by all those today's vulnerabilities,
> buffer overflow does not necessarily allow attacker to perform code
> injection - and by the way, why do you suppose that it's the "buffer
> overflow", not other kind of vulnerability, like infinite loop? Why do
> you suppose it's a vulnerability? It's a bug, no question, but saying
> about vulnerability is like saying that you'll die of headache (just
> because it's pain).
> About your case: who would like to have/use 4kb-sized email address?! If
> you can't limit that in your software, check whether component does. If
> you mean a group of recipients that take more than 4000 bytes, it may be
> a bug in ICS, so you should upgrade your components.
> Anyway, it's a good idea to use debugger. When you're at 100% cpu, just
> use debugger's "pause" feature and then "step over" or "trace into", to
> have a look where and why you're looping.
>
>> As I haven't done anything with ICS or Delphi for a while, I am not sure
>> where to look.
>>
>> Also, if I download the latest ICS, will there be anything that is likely
>> to cause me programming difficulties? Will any buffer overflow
>> vulnerabilities have been fixed?
>
> Make a copy of your ICS, install new, and check it on your own. Is that
> so difficult? Don't expect us to do your homework. We have ours.
>
> --
> "Programming is the *most pleasant* thing you can do with your
> clothes on" | Piotr Dałek
> [EMAIL PROTECTED] | http://www.hcm.prv.pl/
>
> --
> To unsubscribe or change your settings for TWSocket mailing list
> please goto http://www.elists.org/mailman/listinfo/twsocket
> Visit our website at http://www.overbyte.be
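
Added example, not part of the thread and not ICS code: one way to bound an `RCPT TO:` argument before it reaches a 100-character database field, rejecting oversized input instead of truncating it with `Copy`. `CheckRcptTo` and its constants are hypothetical names; the line and path limits are those of RFC 5321, and answering an over-long address with 501 is an assumption.

```pascal
program SmtpRcptCheck;
{$APPTYPE CONSOLE}
uses
  SysUtils;

const
  MaxLineLen = 510;  // RFC 5321 4.5.3.1.4: 512 octets including CRLF
  MaxPathLen = 256;  // RFC 5321 4.5.3.1.3: path including "<" and ">"
  DbFieldLen = 100;  // address column width mentioned in the post

// Hypothetical helper: Line is one received command with CRLF stripped.
// Returns an SMTP reply code; Address is set only when the code is 250.
function CheckRcptTo(const Line: string; var Address: string): Integer;
var
  Tail: string;
  P: Integer;
begin
  Address := '';
  Result := 500;                       // command line too long
  if Length(Line) > MaxLineLen then Exit;
  Result := 501;                       // syntax error in parameters
  if CompareText(Copy(Line, 1, 8), 'RCPT TO:') <> 0 then Exit;
  Tail := Trim(Copy(Line, 9, MaxInt));
  P := Pos('>', Tail);
  if (P < 3) or (P > MaxPathLen) or (Tail[1] <> '<') then Exit;
  Tail := Copy(Tail, 2, P - 2);        // text between "<" and ">"
  // Reject instead of truncating: a cut-off address is a different mailbox.
  if Length(Tail) > DbFieldLen then Exit;
  Address := Tail;
  Result := 250;
end;

procedure Show(const Line: string);
var
  Addr: string;
  Code: Integer;
begin
  Code := CheckRcptTo(Line, Addr);
  WriteLn(Length(Line):5, ' bytes -> ', Code, ' [', Addr, ']');
end;

begin
  // Constructed sample inputs.
  Show('RCPT TO:<dave@example.org>');
  Show('RCPT TO:<' + StringOfChar('a', 150) + '@example.org>');
  Show('RCPT TO:<' + StringOfChar('A', 4000) + '@example.org>');
end.
```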