Hi,

I will look for these, but when I wrote the mailserver, I was confident at 
programming but little experience of Delphi or ICS, so I don't think I will 
actually have written code like that. However, I definately have a look. 
Thanks for your help.

Arno,
Yes, only SMTP and POP clients are with ICS. I had to "roll my own" sort 
of... from TWSocket. It wasn't difficult once I understood the concept, but 
I was wondering if since I wrote my mailserver, that any exploits as I 
mentioned it had been discovered. The idea being to guide me which side of 
the software to look at and also to bring to the surface if there was a 
problem with ICS.

It however does look like it is my side.

Francois, whilst I was writing this, I got your response... I am now looking 
it it.

Sorry for disturbing you all and thanks again for the help.

Best regards,
Dave Colliver.
http://www.AshfieldFOCUS.com
~~
http://www.FOCUSPortals.com - Local franchises available
----- Original Message ----- 
From: "Piotr Dałek" <[EMAIL PROTECTED]>
To: "ICS support mailing" <twsocket@elists.org>
Sent: Friday, March 16, 2007 8:57 PM
Subject: Re: [twsocket] Buffer overflow in SMTP


> David Colliver napisał(a):
>> Try this
>> http://secunia.com/advisories/22559/
>>
>> There are two mentions of it. This one for SMTP, the other for the POP3.
>>
>> The software I developed was a mailserver.
>
> Now that's a whole different thing! I don't remember that ICS has/had
> any SMTP/POP3 _server_ components, so you're forced to find a bug on
> your own.
>
>> It has client components and
>> server components to handle both sides... One to receive SMTP, the other 
>> to
>> send SMTP, one to receive POP3, the other to send POP3.
>>
>> It is the server side that is being exploited.
>>
>> This one has more information, including code to exploit it.
>> http://www.securityfocus.com/bid/20709
>>
>> I am just about to upload a probable fix to my initial server.
>
> It seems to be easy one. Just check whether you use some kind of stack
> buffer, like this:
>
> var
>  buffer: array[1..4096] of char
>
> or something like
>
> var
>  buffer: string;
> [..]
> SetLength(buffer, 4096);
>
> and then you use
>
> move([source], buffer[1], [any length]);
>
> without checking whether [any length]<=4096 or not.
> Yes, such mistakes are then taken as a whole great buffer overflows and
> extremely critical "system access" and/or "DoS" security vulnerabilities. 
> ;)
>
> Good luck!
>
> -- 
> .oooO  /~) (~\  Oooo.  "Programowanie to   |        Piotr Dałek
> (   ) / (   ) \ (   ) *najprzyjemniejsza*  |   [EMAIL PROTECTED]
>  \ ( (   ) (   ) ) /   rzecz, jaką można   |   http://www.hcm.prv.pl/
>   \_)'oooO Oooo'(_/     robić w ubraniu"   |
>
> ----------------------------------------------------------------------
> Jestes kierowca? To poczytaj! >>> http://link.interia.pl/f199e
>
> -- 
> To unsubscribe or change your settings for TWSocket mailing list
> please goto http://www.elists.org/mailman/listinfo/twsocket
> Visit our website at http://www.overbyte.be 

-- 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to