Hi, I will look for these, but when I wrote the mailserver, I was confident at programming but little experience of Delphi or ICS, so I don't think I will actually have written code like that. However, I definately have a look. Thanks for your help.
Arno, Yes, only SMTP and POP clients are with ICS. I had to "roll my own" sort of... from TWSocket. It wasn't difficult once I understood the concept, but I was wondering if since I wrote my mailserver, that any exploits as I mentioned it had been discovered. The idea being to guide me which side of the software to look at and also to bring to the surface if there was a problem with ICS. It however does look like it is my side. Francois, whilst I was writing this, I got your response... I am now looking it it. Sorry for disturbing you all and thanks again for the help. Best regards, Dave Colliver. http://www.AshfieldFOCUS.com ~~ http://www.FOCUSPortals.com - Local franchises available ----- Original Message ----- From: "Piotr Dałek" <[EMAIL PROTECTED]> To: "ICS support mailing" <email@example.com> Sent: Friday, March 16, 2007 8:57 PM Subject: Re: [twsocket] Buffer overflow in SMTP > David Colliver napisał(a): >> Try this >> http://secunia.com/advisories/22559/ >> >> There are two mentions of it. This one for SMTP, the other for the POP3. >> >> The software I developed was a mailserver. > > Now that's a whole different thing! I don't remember that ICS has/had > any SMTP/POP3 _server_ components, so you're forced to find a bug on > your own. > >> It has client components and >> server components to handle both sides... One to receive SMTP, the other >> to >> send SMTP, one to receive POP3, the other to send POP3. >> >> It is the server side that is being exploited. >> >> This one has more information, including code to exploit it. >> http://www.securityfocus.com/bid/20709 >> >> I am just about to upload a probable fix to my initial server. > > It seems to be easy one. Just check whether you use some kind of stack > buffer, like this: > > var > buffer: array[1..4096] of char > > or something like > > var > buffer: string; > [..] > SetLength(buffer, 4096); > > and then you use > > move([source], buffer, [any length]); > > without checking whether [any length]<=4096 or not. > Yes, such mistakes are then taken as a whole great buffer overflows and > extremely critical "system access" and/or "DoS" security vulnerabilities. > ;) > > Good luck! > > -- > .oooO /~) (~\ Oooo. "Programowanie to | Piotr Dałek > ( ) / ( ) \ ( ) *najprzyjemniejsza* | [EMAIL PROTECTED] > \ ( ( ) ( ) ) / rzecz, jaką można | http://www.hcm.prv.pl/ > \_)'oooO Oooo'(_/ robić w ubraniu" | > > ---------------------------------------------------------------------- > Jestes kierowca? To poczytaj! >>> http://link.interia.pl/f199e > > -- > To unsubscribe or change your settings for TWSocket mailing list > please goto http://www.elists.org/mailman/listinfo/twsocket > Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be