[12718] in bugtraq

home help back first fref pref prev next nref lref last post

Multiples Remotes DoS Attacks in MDaemon Server v2.8.5.0

daemon@ATHENA.MIT.EDU (Ussr Labs)
Wed Nov 24 12:42:40 1999

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id:  <NCBBKFKDOLAGKIAPMILPAEOMCAAA.labs@ussrback.com>
Date:         Wed, 24 Nov 1999 05:20:19 -0300
Reply-To: Ussr Labs <labs@USSRBACK.COM>
From: Ussr Labs <labs@USSRBACK.COM>
X-To:         BUGTRAQ <bugtraq@securityfocus.com>
To: BUGTRAQ@SECURITYFOCUS.COM

Multiples Remotes DoS Attacks in MDaemon Server v2.8.5.0 Vulnerability

PROBLEM:
UssrLabs found multiple places in MDaemon v2.8.5.0 where they do not use
proper bounds checking.
The following all result in a Denial of Service against the service in
question.

affected services:

WorldClient: Port 2000
WebConfig : Port 2002

This two remotes services are affected to overflow of you send a large url
name.

Like: http:/serverip/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

For the Binary / Source for this MDaemon Server v2.8.5.0 Denial of Service:

Go To: http://www.ussrback.com/mdeam285/


Vendor Status:
Contacted.

Vendor   Url: http://www.mdaemon.com

Credit: USSRLABS

SOLUTION
    Nothing yet.

u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c h
http://www.ussrback.com

home help back first fref pref prev next nref lref last post