Archive : 1999 : november : mdaemon - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Multiples Remotes DoS Attacks in MDaemon Server v2.8.5.0 Vulnerability




=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


    Date: Ср, 24 ноя 1999  11:20:19

   От: Ussr Labs <labs@USSRBACK.COM>

 Кому: BUGTRAQ@SECURITYFOCUS.COM

 Тема: Multiples Remotes DoS Attacks in MDaemon Server v2.8.5.0 Vulnerability

--------------------------------------------------------------------------------




Multiples Remotes DoS Attacks in MDaemon Server v2.8.5.0 Vulnerability



PROBLEM:

UssrLabs found multiple places in MDaemon v2.8.5.0 where they do not use

proper bounds checking.

The following all result in a Denial of Service against the service in

question.



affected services:



WorldClient: Port 2000

WebConfig : Port 2002



This two remotes services are affected to overflow of you send a large url

name.



Like: http:/serverip/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa



For the Binary / Source for this MDaemon Server v2.8.5.0 Denial of Service:



Go To: http://www.ussrback.com/mdeam285/





Vendor Status:

Contacted.



Vendor   Url: http://www.mdaemon.com



Credit: USSRLABS



SOLUTION

    Nothing yet.



u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c h

http://www.ussrback.com

test server