Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
From: Peter Gründl (peter.grundlDEFCOM.COM)
Date: Thu Mar 15 2001 - 07:25:45 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

                      Defcom Labs Advisory def-2001-11

                      MDaemon 3.5.4 Dos-Device DoS

    Author: Peter Gründl <peter.grundldefcom.com>
    Release Date: 2001-03-15
    ------------------------=[Brief Description]=-------------------------
    Webservices in the Mdaemon package can be crashed by requesting a
    malicious URL.

    ------------------------=[Affected Systems]=--------------------------
    - MDaemon 3.5.4 Standard for Windows NT/2000
    - MDaemon 3.5.4 Pro for Windows NT/2000

    ----------------------=[Detailed Description]=------------------------
    There is a problem with the way the Worldclient (default port 3000)
    and the Webconfig service (default port 3001) handle requests for dos-

    If a user requests eg. "http://www.foo.org:3000/aux", the Worldclient
    service will crash. The same fault affects the Webconfig service.
    The service needs to be restarted from the Mdaemon console.

    Upgrade to MDaemon 3.5.6:

    -------------------------=[Vendor Response]=--------------------------
    This issue was brought to the vendor's attention on the 3rd of March,
    2001 and the vendor released a patch on the 9th of March, 2001.

                This release was brought to you by Defcom Labs

                  labsdefcom.com www.defcom.com