|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[sec-adv] MDaemon UIDL and DELE Command Negative Value DoS
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Wed Apr 30 2003 - 02:27:43 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
MDaemon UIDL and DELE Command Negative Value DoS
READ ONLINE:
http://www.secunia.com/advisories/8687/
CRITICAL:
Not critical
IMPACT:
DoS
WHERE:
From remote
SOFTWARE:
MDaemon 6.x
DESCRIPTION:
A malicious user can cause a DoS (Denial of Service) on MDaemon by
supplying a negative value as argument to the commands "DELE" and
"UIDL".
An example was included in the original advisory:
DELE -1
Successful exploitation requires that the malicious user has been
authenticated.
The vulnerability has been reported to affect version 6.0.7 to the
latest version (6.7.9).
SOLUTION:
Allow only trusted users access to the service.
REPORTED BY / CREDITS:
D4rkGr3y
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]