Bugtraq mailing list archives
Re: def-2001-11: MDaemon 3.5.4 Dos-Device DoS
From: Nelson Brito <nelson () SECUNET COM BR>
Date: Thu, 15 Mar 2001 14:39:23 -0300
Peter Gründl wrote:
====================================================================== Defcom Labs Advisory def-2001-11 MDaemon 3.5.4 Dos-Device DoS Author: Peter Gründl <peter.grundl () defcom com> Release Date: 2001-03-15 ====================================================================== ------------------------=[Brief Description]=------------------------- Webservices in the Mdaemon package can be crashed by requesting a malicious URL. ------------------------=[Affected Systems]=-------------------------- - MDaemon 3.5.4 Standard for Windows NT/2000 - MDaemon 3.5.4 Pro for Windows NT/2000 ----------------------=[Detailed Description]=------------------------ There is a problem with the way the Worldclient (default port 3000) and the Webconfig service (default port 3001) handle requests for dos- devices. If a user requests eg. "http://www.foo.org:3000/aux", the Worldclient service will crash. The same fault affects the Webconfig service. The service needs to be restarted from the Mdaemon console.
I don't know, but it's a CON/CON old bug, isn't it? If you pacthed your NT Box, the app is not vulnerable to this BUG, isn't it? Sem mais, -- +---------------------------------------------------------------------+ |Nelson Brito | Security Networks / IBQN | | | Avenida General Justo, 365 - 4° Andar - Centro| |Security Analyst | 20.021-130 - Rio de Janeiro - RJ - Brasil | |Penetration Tester | +55.021.282-1351 R. 104 | | | nelson () secunet com br | +---------------------------------------------------------------------+ |"Windows NT can also be protected from nmap OS detection scans thanks| |to *Nelson Brito* ..." | | Trecho do livro "Hack Proofing your Network", página 93| +---------------------------------------------------------------------+
Current thread:
- def-2001-11: MDaemon 3.5.4 Dos-Device DoS Peter Gründl (Mar 15)
- Re: def-2001-11: MDaemon 3.5.4 Dos-Device DoS Nelson Brito (Mar 16)
- Re: def-2001-11: MDaemon 3.5.4 Dos-Device DoS Peter Gründl (Mar 16)
- Re: def-2001-11: MDaemon 3.5.4 Dos-Device DoS Nelson Brito (Mar 16)