From: Peter Gründl (peter.grundl@DEFCOM.COM)
Date: Thu Mar 15 2001 - 07:25:45 CST


    ======================================================================
                      Defcom Labs Advisory def-2001-11

                      MDaemon 3.5.4 Dos-Device DoS

    Author: Peter Gründl <peter.grundl@defcom.com>
    Release Date: 2001-03-15
    ======================================================================
    ------------------------=[Brief Description]=-------------------------
    Web services in the MDaemon package can be crashed by requesting a
    malicious URL.

    ------------------------=[Affected Systems]=--------------------------
    - MDaemon 3.5.4 Standard for Windows NT/2000
    - MDaemon 3.5.4 Pro for Windows NT/2000

    ----------------------=[Detailed Description]=------------------------
    There is a problem with the way the WorldClient service (default port
    3000) and the WebConfig service (default port 3001) handle requests
    for DOS devices.

    If a user requests e.g. "http://www.foo.org:3000/aux", the WorldClient
    service will crash. The same fault affects the WebConfig service.
    The service needs to be restarted from the MDaemon console.

    ---------------------------=[Workaround]=-----------------------------
    Upgrade to MDaemon 3.5.6:
    http://mdaemon.deerfield.com/download/getmdaemon.cfm

    -------------------------=[Vendor Response]=--------------------------
    This issue was brought to the vendor's attention on the 3rd of March,
    2001 and the vendor released a patch on the 9th of March, 2001.

    ======================================================================
                This release was brought to you by Defcom Labs

                  labs@defcom.com www.defcom.com
    ======================================================================
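
    Added example, not part of the Defcom advisory or of MDaemon's code:
    a check that a web front end or log review could use to catch the
    request class described under Detailed Description, where a URL path
    segment names a DOS device. The device list, the function names and
    the sample log lines are assumptions made for this illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Reserved DOS device names that Windows resolves in any directory.
_DEVICE = re.compile(r"^(CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])$", re.IGNORECASE)
_REQ = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (not taken from the advisory).
SAMPLE_LOG = [
    '10.0.0.5 - - [15/Mar/2001:07:20:01] "GET / HTTP/1.0" 200',
    '10.0.0.9 - - [15/Mar/2001:07:21:13] "GET /aux HTTP/1.0" -',
    '10.0.0.5 - - [15/Mar/2001:07:21:40] "GET /images/logo.gif HTTP/1.0" 200',
    '10.0.0.9 - - [15/Mar/2001:07:22:02] "GET /docs/Com1.html?x=1 HTTP/1.0" -',
    '10.0.0.7 - - [15/Mar/2001:07:23:55] "GET /auxiliary/help HTTP/1.0" 404',
]


def is_dos_device(segment: str) -> bool:
    """True if one path segment would resolve to a DOS device on Windows."""
    # Trailing dots/spaces are ignored by Windows, and so is anything after
    # the first dot or colon: "aux", "AUX.txt", "aux:" and "aux ." all match.
    base = re.split(r"[.:]", segment.strip(" ."), maxsplit=1)[0].rstrip(" ")
    return bool(_DEVICE.match(base))


def device_segments(url_or_path: str) -> list[str]:
    """Return the path segments of a request target that name a DOS device."""
    # Decode once so that an encoded form such as /%61ux is seen as /aux.
    path = unquote(urlsplit(url_or_path).path)
    return [p for p in re.split(r"[\\/]", path) if is_dos_device(p)]


def flag_requests(lines: list[str]) -> list[str]:
    """Return the request targets in access-log lines that hit a device name."""
    hits = []
    for line in lines:
        m = _REQ.search(line)
        if m and device_segments(m.group(1)):
            hits.append(m.group(1))
    return hits


if __name__ == "__main__":
    for target in flag_requests(SAMPLE_LOG):
        print("reject/alert:", target)
```

    The same is_dos_device() test can be applied before any request path
    is mapped to a file name, so that a matching request is refused with
    an error instead of being opened.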