[15154] in bugtraq
DST2K0006: Denial of Service Possibility in Imate WebMail Server
daemon@ATHENA.MIT.EDU (Security Team)
Thu Jun 1 22:01:49 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Message-Id: <6C740781F92BD411831F0090273A8AB806FDB6@exchange.servers.delphis.net>
Date: Thu, 1 Jun 2000 08:43:27 +0100
Reply-To: Security Team <securityteam@DELPHISPLC.COM>
From: Security Team <securityteam@DELPHISPLC.COM>
X-To: "win2ksecadvice@LISTSERV.NTSECURITY.NET"
<win2ksecadvice@LISTSERV.NTSECURITY.NET>,
"NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM"
<NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>,
"BUGTRAQ@SECURITYFOCUS.COM" <BUGTRAQ@SECURITYFOCUS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
> ==========================================================================
> ======
> Delphis Consulting Plc
> ==========================================================================
> ======
>
> Security Team Advisories
> [26/05/2000]
>
>
> securityteam@delphisplc.com
> [http://www.delphisplc.com/thinking/whitepapers/]
>
> ==========================================================================
> ======
> Adv : DST2K0006
> Title : Denial of Service Possibility
> Author : DCIST (securityteam@delphisplc.com)
> O/S : Microsoft Windows NT v4.0 Workstation (SP6)
> Product : Imate WebMail Server v2.5
> Date : 26/05/2000
>
> I. Description
>
> II. Solution
>
> III. Disclaimer
>
>
> ==========================================================================
> ======
>
>
> I. Description
> ==========================================================================
> ======
>
> Delphis Consulting Internet Security Team (DCIST) discovered the following
> vulnerability in the Imate WebMail Server under Windows NT.
>
> Sending an email via SMTP to an Imate WebMail Server with a server name of
> 1119 characters will cause the SMTP server to stop running. The service
> must
> be restarted manually.
>
> Example:
> Telnet host 25
> HELO <Ax1119>
>
>
> II. Solution
> ==========================================================================
> ======
>
> Vendor Status: Informed
> Catware have an upgrade available from their support department. Delphis
> would like to take this
> opportunity to thank Catware for responding so quickly (within 24hrs), and
> having a working fix within 96hrs.
>
> III. Disclaimer
> ==========================================================================
> ======
> THE INFORMATION CONTAINED IN THIS ADVISORY IS BELIEVED TO BE ACCURATE AT
> THE TIME OF PRINTING, BUT NO REPRESENTATION OR WARRANTY IS GIVEN, EXPRESS
> OR
> IMPLIED, AS TO ITS ACCURACY OR COMPLETENESS. NEITHER THE AUTHOR NOR THE
> PUBLISHER ACCEPTS ANY LIABILITY WHATSOEVER FOR ANY DIRECT, INDIRECT OR
> CONSEQUENTIAL LOSS OR DAMAGE ARISING IN ANY WAY FROM ANY USE OF, OR
> RELIANCE
> PLACED ON, THIS INFORMATION FOR ANY PURPOSE.
> ==========================================================================
> ======
