[19722] in bugtraq

home help back first fref pref prev next nref lref last post

def-2001-13: NTMail Web Services DoS

daemon@ATHENA.MIT.EDU (=?iso-8859-1?Q?Peter_Gr=FCndl?=)
Tue Mar 20 13:30:48 2001

MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Message-ID:  <02cf01c0b140$70a94a60$71002d0a@dk.defcomsec.com>
Date:         Tue, 20 Mar 2001 14:19:49 +0100
Reply-To: =?iso-8859-1?Q?Peter_Gr=FCndl?= <peter.grundl@DEFCOM.COM>
From: =?iso-8859-1?Q?Peter_Gr=FCndl?= <peter.grundl@DEFCOM.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

======================================================================
                  Defcom Labs Advisory def-2001-13

                      NTMail Web Services DoS

Author: Peter Gründl <peter.grundl@defcom.com>
Release Date: 2001-03-20
======================================================================
------------------------=[Brief Description]=-------------------------
NTMails web services contain a flaw that could allow a malicious
attacker to crash the web services using a malformed URL.

------------------------=[Affected Systems]=--------------------------
- NTMail V6.0.3c for Windows NT/2000

----------------------=[Detailed Description]=------------------------
It appears that while fixing another URL related problem, Gordano
accidently introduced a new one. The web services on TCP ports 8000
and 9000 are both vulnerable to a "LongURL attack". That means that a
request larger than 255 characters will crash the service.

A crash will take down the services listening on TCP ports:
8000 (NTMail configuration), 8025, 8080, 8888 and 9000 (GLWebMail).

---------------------------=[Workaround]=-----------------------------
Install the patch located at:
ftp://ftp.gordano.com/ntmail6/hotfixes/ntmail6C_Intel_20010317.zip

-------------------------=[Vendor Response]=--------------------------
This issue was brought to the vendor's attention on the 9th of
March, 2001 and a patch was released by the vendor on the 17th
of March 2001.

======================================================================
            This release was brought to you by Defcom Labs

              labs@defcom.com             www.defcom.com
======================================================================
home help back first fref pref prev next nref lref last post