• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

SLMail 3.0.2421 Buffer Overflow 'Mail From' Vulnerability

A buffer overflow exists in Seattle Lab Software's SLMail program that allow an attacker to potential run arbitrary commands on any NT machine which has SLMail installed. By failing to properly bound the length of the "mail from" field, SLMail is left vulnerable to a stack overrun.

This is an exploitable overflow -- the author of the advisory gave extensive description to how one would go about writing an exploit for this problem, but did not publish an exploit. It should not be assumed, however, that exploits do not exist.