Bugtraq mailing list archives

Re: def-2001-11: MDaemon 3.5.4 Dos-Device DoS


From: Nelson Brito <nelson () SECUNET COM BR>
Date: Thu, 15 Mar 2001 14:39:23 -0300

Peter Gründl wrote:

======================================================================
                  Defcom Labs Advisory def-2001-11

                  MDaemon 3.5.4 Dos-Device DoS

Author: Peter Gründl <peter.grundl () defcom com>
Release Date: 2001-03-15
======================================================================
------------------------=[Brief Description]=-------------------------
Webservices in the Mdaemon package can be crashed by requesting a
malicious URL.

------------------------=[Affected Systems]=--------------------------
- MDaemon 3.5.4 Standard for Windows NT/2000
- MDaemon 3.5.4 Pro for Windows NT/2000

----------------------=[Detailed Description]=------------------------
There is a problem with the way the Worldclient (default port 3000)
and the Webconfig service (default port 3001) handle requests for dos-
devices.

If a user requests e.g. "http://www.foo.org:3000/aux", the Worldclient
service will crash. The same fault affects the Webconfig service.
The service needs to be restarted from the Mdaemon console.

I don't know, but it's a CON/CON old bug, isn't it?

If you patched your NT Box, the app is not vulnerable to this BUG, is it?

That's all,
--
+---------------------------------------------------------------------+
|Nelson Brito        |  Security Networks / IBQN                      |
|                    |  Avenida General Justo, 365 - 4° Andar - Centro|
|Security Analyst    |  20.021-130 - Rio de Janeiro - RJ - Brasil     |
|Penetration Tester  |  +55.021.282-1351 R. 104                       |
|                    |  nelson () secunet com br                         |
+---------------------------------------------------------------------+
|"Windows NT can also be protected from nmap OS detection scans thanks|
|to *Nelson Brito* ..."                                               |
|          Excerpt from the book "Hack Proofing your Network", page 93|
+---------------------------------------------------------------------+
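
Added example (not part of the original post, the advisory, or MDaemon's code): a request-path check that flags segments Windows would resolve to a DOS device, the kind of request the advisory describes. It generalizes beyond "aux" to the other reserved names, extensions, trailing dots/spaces and percent-encoding; the function name dos_device_segments and the sample paths are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Reserved DOS device names on Windows (the advisory's example is "aux").
_DEVICES = {"CON", "PRN", "AUX", "NUL", "CLOCK$"} | {
    f"{prefix}{n}" for prefix in ("COM", "LPT") for n in range(1, 10)
}


def dos_device_segments(url_or_path: str) -> list[str]:
    """Return the path segments that name a DOS device (hypothetical helper)."""
    path = urlsplit(url_or_path).path
    hits = []
    # Decode first, so %2F / %5C separators and %41UX-style names are seen.
    for raw in re.split(r"[/\\]", unquote(path)):
        # Win32 ignores trailing dots and spaces, and everything after the
        # first "." or ":" -- "aux.html" and "AUX:" still mean the AUX device.
        stem = re.split(r"[.:]", raw.rstrip(" ."), maxsplit=1)[0]
        if stem.rstrip(" ").upper() in _DEVICES:
            hits.append(raw)
    return hits


if __name__ == "__main__":
    # Constructed sample requests, not taken from any real log.
    samples = [
        "http://www.foo.org:3000/aux",
        "/images/Com1.gif",
        "/a/%41UX./b",
        "/console/auxiliary.txt",
    ]
    for s in samples:
        bad = dos_device_segments(s)
        print(f"{s!r}: {'REJECT ' + repr(bad) if bad else 'ok'}")
```

A web service would run a check like this on the decoded request path and return an error before the path reaches any file-open call.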

