[12821] in bugtraq
Re: Multiples Remotes DoS Attacks in MDaemonServer
daemon@ATHENA.MIT.EDU (Nobuo Miwa)
Thu Dec 2 14:55:32 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <199912011604.HJI39569.BX-NOJ@lac.co.jp>
Date: Wed, 1 Dec 1999 16:04:08 -0500
Reply-To: Nobuo Miwa <n-miwa@LAC.CO.JP>
From: Nobuo Miwa <n-miwa@LAC.CO.JP>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <MDAEMON-F199911301617.AA172323md50000081568@altn.com>
Hi,
> Another issue related to 350 simultaneous MDConfig connections has
> recently surfaced at ASCII Japan. MDaemon can be configured to allow
> secure MDConfig connections which will prevent this problem from ever
> occurring. This can be done now, however the 11/30/99 full patch will
> contain additional coding to prevent such a problem from occuring in
> the event that the system admin has left the port wide open for anyone
> to exploit.
I can't see that patch. And besides,it is NOT affected only on MDConfig
port. I can see same problem on POP port.
So, all MDaemon 2.8.5 users should use that patch for preventing
that too much connect() DoS. Not just MDConfig port.
Nobuo Miwa
<Nobuo Miwa> n-miwa@lac.co.jp ( @ @ ) http://www.lac.co.jp/security/
--------------------------o00o--(. .)--o00o--------------------------
