Date: Вс, 07 ноя 1999 15:52:29
От: dark spyrit <dspyrit@BEAVUH.ORG>
Кому: BUGTRAQ@SECURITYFOCUS.COM
Тема: Interscan VirusWall NT 3.23/3.3 buffer overflow.
--------------------------------------------------------------------------------
A buffer overflow exists on the VirusWall smtp gateway - by sending a long
HELO command you can overflow the buffer and execute arbitrary code.
Example code has been written which will spawn a command prompt on a port
you specify.
Before you shrug this one off, take a look:
Connected to mail1.microsoft.com.
Escape character is '^]'.
220 mail1.microsoft.com InterScan VirusWall NT ESMTP 3.23 (build 9/10/99)
ready
at Sun, 07 Nov 1999 03:38:44 -0800 (Pacific Standard Time)
The ironic thing here is, VirusWall was designed to prevent viruses and
'malicious code'.
Obviously not a lot of thought was taken before laying their trust into
3rd party 'security' products.
A quick note to the millions out there who would give their right arm to
compromise microsofts network - sorry, their firewall would prevent the
payload from spawning a remote shell.. unless of course it was modified to
stop an existing service to open a port :)
