Multiple Remote DoS Attacks in MDaemon Server v2.8.5.0

From: Ussr Labs (labsat_private)
Date: Wed Nov 24 1999 - 00:20:19 PST


    Multiple Remote DoS Attacks in MDaemon Server v2.8.5.0 Vulnerability
    
    PROBLEM:
    UssrLabs found multiple places in MDaemon v2.8.5.0 where they do not use
    proper bounds checking.
    The following all result in a Denial of Service against the service in
    question.
    
    affected services:
    
    WorldClient: Port 2000
    WebConfig : Port 2002
    
    These two remote services are affected by an overflow if you send a large URL
    name.
    
    Like: http:/serverip/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    
    For the Binary / Source for this MDaemon Server v2.8.5.0 Denial of Service:
    
    Go To: http://www.ussrback.com/mdeam285/
    
    
    Vendor Status:
    Contacted.
    
    Vendor   Url: http://www.mdaemon.com
    
    Credit: USSRLABS
    
    SOLUTION
        Nothing yet.
    
    u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c h
    http://www.ussrback.com
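
The missing bounds check the advisory describes, shown from the server side as an added example (not part of the original post and not MDaemon code): a request-line parser that measures the URL before copying it into a fixed buffer and answers 414 instead of overflowing. The names `parse_request_target` and `status_for`, the 64-byte buffer and the `MAX_TARGET` limit are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_TARGET 2048 /* assumed policy limit, not an MDaemon value */

/* Hypothetical helper: copy the request-target of "GET /path HTTP/1.0"
 * into out[out_cap]. The input is length-delimited, never assumed to be
 * NUL-terminated. Returns 200 on success, 400 for a malformed line,
 * 414 when the target does not fit. */
int parse_request_target(const char *line, size_t len, char *out, size_t out_cap)
{
    const char *end = line + len;
    const char *sp1 = memchr(line, ' ', len);
    if (sp1 == NULL || sp1 == line)
        return 400;                        /* no method token */
    const char *start = sp1 + 1;
    const char *sp2 = memchr(start, ' ', (size_t)(end - start));
    if (sp2 == NULL)                       /* unterminated: oversized or truncated */
        return (size_t)(end - start) >= out_cap ? 414 : 400;
    size_t tlen = (size_t)(sp2 - start);
    if (tlen == 0 || start[0] != '/')
        return 400;
    if (tlen >= out_cap || tlen > MAX_TARGET)
        return 414;                        /* reject before any copy happens */
    memcpy(out, start, tlen);              /* tlen < out_cap is guaranteed here */
    out[tlen] = '\0';
    return 200;
}

/* Constructed usage: a small fixed destination buffer. */
int status_for(const char *line)
{
    char target[64];
    return parse_request_target(line, strlen(line), target, sizeof target);
}

int main(void)
{
    char big[600];                         /* constructed oversized request */
    memcpy(big, "GET /", 5);
    memset(big + 5, 'a', 500);
    memcpy(big + 505, " HTTP/1.0", 10);
    printf("normal: %d\n", status_for("GET /index.html HTTP/1.0"));
    printf("long:   %d\n", status_for(big));
    return 0;
}
```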
    


