Bugtraq mailing list archives
Re: Multiples Remotes DoS Attacks in MDaemonServer v2.8.5.0Vulnerability
From: n-miwa () LAC CO JP (Nobuo Miwa)
Date: Wed, 1 Dec 1999 16:04:08 -0500
Hi,
Another issue related to 350 simultaneous MDConfig connections has recently surfaced at ASCII Japan. MDaemon can be configured to allow secure MDConfig connections which will prevent this problem from ever occurring. This can be done now, however the 11/30/99 full patch will contain additional coding to prevent such a problem from occuring in the event that the system admin has left the port wide open for anyone to exploit.
I can't see that patch. And besides,it is NOT affected only on MDConfig port. I can see same problem on POP port. So, all MDaemon 2.8.5 users should use that patch for preventing that too much connect() DoS. Not just MDConfig port. Nobuo Miwa <Nobuo Miwa> n-miwa () lac co jp ( @ @ ) http://www.lac.co.jp/security/ --------------------------o00o--(. .)--o00o--------------------------
Current thread:
- Fwd: RE: Multiples Remotes DoS Attacks in MDaemon Server v2.8.5.0 Vulnerability Arvel Hathcock (Nov 30)
- Re: Multiples Remotes DoS Attacks in MDaemonServer v2.8.5.0Vulnerability Nobuo Miwa (Dec 01)
- Insecure default permissions for MailMan Professional Edition, version 3.0.18 S, Jared (Dec 01)
- Remote DoS Attack in Serv-U FTP-Server v2.5a Vulnerability Ussr Labs (Dec 02)
- Slackware 7.0 - login bug Stewart Gebbie (Dec 02)