Subject: [w00giving '99 #16]: DoS in CSM mail server (USSR)

Release Date: December 29, 1999

Systems Affected:
CSM Mail Server for Windows 95/NT and others old versions.
Versions: 2000-01A, 1999-07M, 1999-07I, 1999-07H, 1999-07G, 1999-07F, 

About The Software:
CSM mail server for Windows 95/NT allows:
* FIREWALL is usefull to reject unwanted calls to the SMTP server.
* ANTI-SPAMMING is usefull to reject unwanted messages.
* To define VIRTUAL DOMAINS which are physically manage by the
  server itself.
* To define SECONDARY DOMAINS which are physically managed by the
  same or another server computer.
* To ROUTE (send or receive) messages between itself and the Internet.
* To ROUTE (send via SMTP) received message to the secondary domains.
* To TRANSFER (send or receive) messages between itself and the
  worktations attached to the local area network (LAN).
* To MANAGE the user mailboxes.
* To DISRIBUTE the messages in the mailboxes.
* It can be installed behind a Firewall or a CSM Proxy server.


UssrLabs found a remote buffer overflow, that allow someone to crash the
server (DoS) by passing a lengthy HELO command.

[$ telnet 25
Connected to
Escape character is '^]'.
220 SMTP CSM Mail Server ready at (Version 2000.08.A -
helo [buffer]

[buffer] = approx 2000 chars

Do you do the w00w00?
This advisory also acts as part of w00giving. This is another contribution
to w00giving for all you w00nderful people out there. You do know what
w00giving is don't you?

Vendor Status: Contacted
Program URL:

Because the vendor doesn't release source to the mail server, wait for
them to release a patch.

eEye, Attrition, w00w00, beavuh, Rhino9, ADM, L0pht, HNN, Technotronic and

NOTE: will be done for a few days while we relocate

u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c h

Back to Advisories Back to the main page