CSM Mail Server Denial of Service
Reported December 31, 1999 by USSRLabs
VERSIONS AFFECTED CSM Mail Server version 07b-07m plus 2000 version 01a DESCRIPTION
UssrLabs found a Local / Remote Buffer overflow,and maybe remotely
exploitable buffer overflow, the overflow is caused by a (long HELO) in the login procedure.
telnet DOMAIN 25
Connected to DOMAIN.
Escape character is "^\]".
220 SMTP CSM Mail Server ready at DOMAIN (Version 2000.08.A - NT.4.0.1381)
Where \[buffer\] is approximately 12000 characters.
CSM has been made aware of this issue, however no remedy was known at the time of this writing.
Discovered by USSRLabs