Peter Grndl wrote:
==
Defcom Labs Advisory def-2001-11
MDaemon 3.5.4 Dos-Device DoS
Author: Peter Grndl [EMAIL PROTECTED]
Release Date: 2001-03-15
==
=[Brief Description]=-
Webservices in the Mdaemon package can be crashed by requesting a
malicious URL.
=[Affected Systems]=--
- MDaemon 3.5.4 Standard for Windows NT/2000
- MDaemon 3.5.4 Pro for Windows NT/2000
--=[Detailed Description]=
There is a problem with the way the Worldclient (default port 3000)
and the Webconfig service (default port 3001) handle requests for dos-
devices.
If a user requests eg. "http://www.foo.org:3000/aux", the Worldclient
service will crash. The same fault affects the Webconfig service.
The service needs to be restarted from the Mdaemon console.
I don't know, but it's a CON/CON old bug, isn't it?
If you pacthed your NT Box, the app is not vulnerable to this BUG, isn't it?
Sem mais,
--
+-+
|Nelson Brito| Security Networks / IBQN |
|| Avenida General Justo, 365 - 4 Andar - Centro|
|Security Analyst| 20.021-130 - Rio de Janeiro - RJ - Brasil |
|Penetration Tester | +55.021.282-1351 R. 104 |
|| [EMAIL PROTECTED] |
+-+
|"Windows NT can also be protected from nmap OS detection scans thanks|
|to *Nelson Brito* ..." |
| Trecho do livro "Hack Proofing your Network", pgina 93|
+-+