Re: Multiples Remotes DoS Attacks in MDaemonServer

From: Nobuo Miwa (n-miwaat_private)
Date: Wed Dec 01 1999 - 13:04:08 PST

Next message: Andrew_Kunzat_private: "Re: Security Patches for Slackware 7.0 Available (fwd)"

Previous message: Aleph One: "ISS Security Advisory: Buffer Overflow in Netscape Enterprise and"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

> Another issue related to 350 simultaneous MDConfig connections has
> recently surfaced at ASCII Japan.  MDaemon can be configured to allow
> secure MDConfig connections which will prevent this problem from ever
> occurring.  This can be done now, however the 11/30/99 full patch will
> contain additional coding to prevent such a problem from occuring in
> the event that the system admin has left the port wide open for anyone
> to exploit.

I can't see that patch. And besides,it is NOT affected only on MDConfig
port. I can see same problem on POP port.
So, all MDaemon 2.8.5 users should use that patch for preventing
that too much connect() DoS. Not just MDConfig port.

Nobuo Miwa

<Nobuo Miwa> n-miwaat_private  ( @ @ ) http://www.lac.co.jp/security/
--------------------------o00o--(. .)--o00o--------------------------

Next message: Andrew_Kunzat_private: "Re: Security Patches for Slackware 7.0 Available (fwd)"
Previous message: Aleph One: "ISS Security Advisory: Buffer Overflow in Netscape Enterprise and"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:16:04 PDT