Bugtraq mailing list archives
Re: IMAIL (Ipswitch) DoS with Eudora (Qualcomm)
From: anthony () SANTEN NET (Anthony Santen)
Date: Wed, 5 Apr 2000 00:25:20 -0400
Ipswitch blames BOTH NetScape AND Eudora for not following RFC's, but does nothing to control the situation. It is very simple to deny service to any IMAIL 5.xx or 6.xx server as follows. IMAIL allows SMTP AUTH using various methods, including CRAM-MD5 and LOGIN If a Eudora 4.3 client attaches to the IMAIL server supporting SMTP AUTH, it attempts a connection using CRAM-MD5. At this point the mail server locks the internal security dll (imailsec.dll) using 'Exclusive' mode, thus disallowing other threads to access it. The session with Eudora 4.3 will stay in a 'locked' state. Eudora doesn't disconnect or time-out, nor does Imail. While the lock is in place, NO mail client can use the server for outbound mail This problem has been confirmed to be only with Eudora at this time. Eudora 4.3 has been confirmed not to show this behaviour on MS-EXCHANGE or Sendmail 8.10. The only 'work around' available at this time is to restart the IMAIL services on the server. Ipswitch's 'work around' is to open the relay, disabling the SMTP AUTH in the process. Ipswitch denies that the problem is theirs, and claims that 'everyone else is mad but not us'. Several complaints regarding this problem have been received on the IMAIL forum. Anthony Santen
Current thread:
- Re: Local Denial-of-Service attack against Linux Jeff Dafoe (Apr 02)
- Win32 RealPlayer 6/7 Buffer Overflow Adam Muntner (Apr 03)
- Re: Local Denial-of-Service attack against Linux Gigi Sullivan (Apr 03)
- Re: IMAIL (Ipswitch) DoS with Eudora (Qualcomm) Anthony Santen (Apr 04)
- minor issue with IBM HTTPD and /usr/bin/ikeyman Rude Yak (Apr 05)
- PcAnywhere weak password encryption Pascal Longpre (Apr 05)
- The Sentinel Project Marshall (Apr 06)