OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
NTBugtraq And NTSecurity Archives: Re: Remote DoS Attack in Wor

Re: Remote DoS Attack in WorldClient Server v2.0.0.0 Vulnerability

Subject: Re: Remote DoS Attack in WorldClient Server v2.0.0.0 Vulnerability
From: John Liss (johnlLISSPRODUCTIONS.TZO.COM)
Date: Tue Nov 30 1999 - 02:10:39 CST

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Problem:

Recent DoS attack reported on MDaemon.

Version affected:

MDaemon 2.8.5.0 and 2.8.6.0

Problem in detail:

1. Entering a long URL in WorldClient Standard that ships with MDaemon
2.8.5.0/2.8.6.0 will crash the WorldClient service possibly allowing the
remote execution of harmful code.

2. Entering a long URL in WebConfig that ships with MDaemon 2.8.5.0/2.8.6.0
will crash the WebConfig service possibly allowing the
remote execution of harmful code.

Solution:

1. MDaemon 2.8.5.0/2.8.6.0 users: Download the following hotfix and
execute it:

2. Double click the file downloaded. File is in zip format and you must
have Winzip to execute file extraction.

3. Shutdown MDaemon

4. Extract WDaemon.exe - replaces the file of the same name in either the
\WC\ or \WCSTANDARD\ directory (depends on the MDaemon version you are
using).

5. Extract WebConfig.exe - replaces the file of the same name in the
\WEBCONFIG\ directory.

6. Start MDaemon. Your version of MDaemon will not change.

Download Hotfix
ftp://ftp1.deerfield.com/pub/mdaemon/md285fix.zip

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
             John "Zotz" Liss
   Rocken' NT/C++/Win32/Java/VBScript
JScript/ASP/HTML/Networking/SQL spoken here.

LissProductions now has a Listserver
Subscribe to one of our e-mail lists:
http://www.lissproductions.tzo.com/regwiz/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
I wanna reach up and touch the sky; I wanna touch the sun but I don't wanna fry

- ->-----Original Message-----
- ->From: Windows NTBugtraq Mailing List
- ->[mailto:NTBUGTRAQLISTSERV.NTBUGTRAQ.COM]On Behalf Of Ussr Labs
- ->Sent: Wednesday, November 24, 1999 5:21 PM
- ->To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
- ->Subject: Remote DoS Attack in WorldClient Server v2.0.0.0
- ->Vulnerability
- ->
- ->
- ->Remote DoS Attack in WorldClient Server v2.0.0.0 Vulnerability
- ->
- ->PROBLEM:
- ->UssrLabs found a buffer overflow in WorldClient Server
- ->v2.0.0.0 where they
- ->do not use proper bounds checking.
- ->The following all result in a Denial of Service against the service in
- ->question.
- ->
- ->affected services:
- ->
- ->WorldClient: Port 2000
- ->
- ->This two remotes services are affected to overflow of you
- ->send a large url
- ->name.
- ->
- ->Like: http:/serverip/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
- ->
- ->For the Binary / Source for this WorldClient Server v2.0.0.0 Denial of
- ->Service:
- ->
- ->Go To: http://www.ussrback.com/mdeam285/
- ->
- ->
- ->Vendor Status:
- ->Contacted.
- ->
- ->Vendor Url: http://www.mdaemon.com
- ->
- ->Credit: USSRLABS
- ->
- ->SOLUTION
- -> Nothing yet.
- ->
- ->u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h
- ->http://www.ussrback.com
- ->
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>

iQA/AwUBOEOGfw75wjx9aTiDEQJ/nwCfepNzbdhfKAQXIY6Ayos2QKh9NusAnii/
T+E0MO4Tc3YqD7mrEyqSkPaF
=DKOn
-----END PGP SIGNATURE-----

This archive was generated by hypermail 2b27 : Mon Dec 06 1999 - 21:15:56 CST