DoS (and possibly more) on MDaemon for NT/95

From: Alvaro Martinez Echevarria (alvaro-bugtraqat_private)
Date: Tue Mar 10 1998 - 20:33:53 PST


    Hi there.
    
    Around a month ago I sent the following message to
    salesat_private. In a few words: there's a security problem in
    the SMTP/POP/WebPop software they provide for evaluation (and
    probably also in the commercial version they sell, see
    www.mdaemon.com), that lets you kill SMTP and POP services
    provided that you can connect to a sort of configuration port the
    programs use (in the configuration I tested the port was N+1, for
    N being the port used by WebPop). My knowledge of Windoze
    asymptotically approaches zero, so I cannot give many more
    details. I haven't received any interesting message from
    @mdaemon.com, apart from "we'll forward this information to our
    developers" (?); and I've seen nothing related to this security
    problem on their website so far, so the time has come to post to
    bugtraq, I guess. Possible workaround: block that port using a
    firewall. Just in case anyone out there is crazy enough to use
    this thing ;-).
    
    Regards.
    
    .------------------------------------------------------------------.
    |   Alvaro Martínez Echevarría   |      LANDER SISTEMAS            |
    |        alvaroat_private        |      Pº Castellana, 121         |
    `--------------------------------|      28046 Madrid, SPAIN        |
                                     |      Tel: +34-1-5562883         |
                                     |      Fax: +34-1-5563001         |
                                     `---------------------------------'
    ---------- Forwarded message ----------
    From: Alvaro Martinez Echevarria <alvaroat_private>
    To: salesat_private
    Date: Sun, 15 Feb 1998 19:59:03 +0100 (CET)
    Subject: DoS attack on MDaemon
    
    Hi there.
    I have found a really easy-to-use DoS attack on your MDaemon
    server, which some people here in my company have been evaluating.
    They asked me to take a look at the security of the product, and
    the very first thing I tried just brought the SMTP/POP services down.
    It was easy: I connected to a port whose greeting says "+OK
    xxx.xxx MDCONFIG Interface Ready", and after some trial and
    error this is what I found:
    
    VERS 3.0
    +OK MDConfig v3.0 acceptable.
    USER aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa[...]
    
    The "a" here needs to be repeated a lot of times, say 2000. And
    after that, voilà: "Connection closed by foreign host" and the
    SMTP and POP services die. As you should know, this same bug
    could be used in a more clever way to execute arbitrary code in
    any server that is using your MDaemon software. I think you
    should correct this problem right away, and pay more attention
    to bounds checking in your future development.
    Regards.
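
The bounds checking the message asks for, sketched as an added example that is not part of the original post and is not MDaemon's code: a handler for a `USER <name>` line that validates the argument length before copying anything. The function names, the status codes and the 64-byte limit are assumptions chosen for illustration, and the 2000-byte input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define MAX_USER_LEN 64            /* assumed limit, not MDaemon's */

enum status { ST_OK, ST_NOT_USER, ST_EMPTY, ST_TOO_LONG };

/* Parse "USER <name>" from line[0..len) (need not be NUL-terminated).
 * The argument length is checked before anything is copied, so out[]
 * is never written past out_size bytes. */
enum status parse_user(const char *line, size_t len, char *out, size_t out_size)
{
    static const char verb[] = "USER ";
    const size_t vlen = sizeof verb - 1;
    size_t alen;

    if (out == NULL || out_size == 0)
        return ST_TOO_LONG;
    out[0] = '\0';
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;                                   /* drop trailing CRLF */
    if (len < vlen || memcmp(line, verb, vlen) != 0)
        return ST_NOT_USER;
    alen = len - vlen;
    if (alen == 0)
        return ST_EMPTY;
    if (alen > MAX_USER_LEN || alen >= out_size)
        return ST_TOO_LONG;                      /* reject, do not truncate */
    memcpy(out, line + vlen, alen);
    out[alen] = '\0';
    return ST_OK;
}

/* Constructed input: "USER " followed by n copies of 'a' and CRLF. */
enum status check_repeated(size_t n)
{
    static char line[4096];
    char user[MAX_USER_LEN + 1];

    if (n > sizeof line - 8)
        return ST_TOO_LONG;
    memcpy(line, "USER ", 5);
    memset(line + 5, 'a', n);
    memcpy(line + 5 + n, "\r\n", 2);
    return parse_user(line, 5 + n + 2, user, sizeof user);
}

int main(void)
{
    printf("64 bytes: %d, 2000 bytes: %d\n", check_repeated(64), check_repeated(2000));
    return 0;
}
```

The same length limit has to apply where the line is read from the socket, so that an oversized line is rejected there as well and never reaches a fixed-size buffer.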
    


