Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Network Appliances :: ies.htm

Intel InBusiness eMail Station - remote telnet DoS



Vulnerability

    Intel InBusiness eMail Station

Affected

    Intel corporation 'InBusiness eMail Station' firmware version 1.04.87

Description

    Knud Erik Højgaard found a buffer overflow in the Intel InBusiness
    eMail Station, which can enable an attacker to execute a denial of
    service attack against it.

    Example:

        [foo@bar]$ telnet mailstation 110
        Trying mailstation...
        Connected to mailstation.
        Escape character is '^]'.
        +OK Pop server at mailstation starting. <2831812.972049732@mail>
        user [buffer]

    where [buffer] is appx. 620 chars of your own choice.(tried A  and
    %, expect all to work)

    The box(a nice  little piece of  hardware with built-in  harddrive
    and all) will stop responding, and needs a power cycle to  restore
    function.

Solution

    Intel was contacted and informed of  the bug, and all they had  to
    say was "You're  using it in  a way its  not supposed to  be used"
    (Knud told them  it was on  a leased line)  - in their  opinion it
    doesn't matter since  its possible to  connect a modem  to it, and
    use it for retrieving mail and distributing it locally.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH