Multiple DoS attack vulnerabilities in MDaemon Server
--------------------------------------------------------------------------------
SUMMARY
UssrLabs recently found multiple places in the MDaemon Server
<http://www.mdaemon.com/> where buffer bounds aren't checked correctly. This
results in a possible Denial of Service attack against the service in question.
DETAILS
Vulnerable systems:
MDaemon Server v2.8.5.0
By connecting to MDaemon's WorldClient (port 2000) or WebConfig (port 2002)
services, a remote attacker can cause the MDaemon Server to crash,
effectively causing a Denial of Service.
Both remote services are subject to a buffer overflow when they are sent a
large URL.
Example:
http:/serverip/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
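The missing bounds check, shown from the defender's side as an added example (this is not MDaemon's code and not part of the advisory): a request-line parser that checks the URL length before copying and answers an oversized URL with 414 instead of overflowing. MAX_URI_LEN and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_URI_LEN 255 /* assumed limit, not a value from the advisory */

/* Copy the request target of "METHOD SP target SP version" into out.
 * Returns 200 on success, 400 if malformed, 414 if the target is too long.
 * The length is checked before any byte is copied. */
int parse_request_target(const char *line, size_t len, char *out, size_t cap)
{
    const char *sp1 = memchr(line, ' ', len);
    if (sp1 == NULL || sp1 == line)
        return 400;
    const char *uri = sp1 + 1;
    const char *sp2 = memchr(uri, ' ', len - (size_t)(uri - line));
    if (sp2 == NULL || sp2 == uri)
        return 400;
    size_t uri_len = (size_t)(sp2 - uri);
    if (uri_len > MAX_URI_LEN || uri_len >= cap)
        return 414;
    memcpy(out, uri, uri_len);
    out[uri_len] = '\0';
    return 200;
}

/* Parse one NUL-terminated request line into a fixed-size target buffer. */
int status_for_line(const char *line)
{
    char target[MAX_URI_LEN + 1];
    return parse_request_target(line, strlen(line), target, sizeof target);
}

/* Constructed sample: "GET /aaa...a HTTP/1.0" with n filler bytes. */
int status_for_path_len(size_t n)
{
    static char req[8192];
    if (n > sizeof req - 32)
        return -1;
    size_t off = (size_t)sprintf(req, "GET /");
    memset(req + off, 'a', n);
    off += n;
    sprintf(req + off, " HTTP/1.0");
    return status_for_line(req);
}

int main(void)
{
    printf("short: %d, long: %d, malformed: %d\n",
           status_for_path_len(16), status_for_path_len(3000),
           status_for_line("GARBAGE"));
    return 0;
}
```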
Binary version of the remote DoS can be downloaded from:
<http://www.ussrback.com/mdeam285/Mdeam285.exe>
Source code version of the remote DoS can be downloaded from:
<http://www.ussrback.com/mdeam285/Mdeam285.zip>
[from someone who is currently annoyed with MDaemon]
[because the bounce message gets sent back to the sender rather than to the return-path]