|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[sec-adv] Magic Winmail Server Denial of Service
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Mon May 26 2003 - 07:18:53 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
Magic Winmail Server Denial of Service
READ ONLINE:
http://www.secunia.com/advisories/8854/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
From remote
SOFTWARE:
Magic Winmail Server 2.x
DESCRIPTION:
Magic Winmail Server does not perform adequate validation of user
input supplied to the commands "USER" and "PASS". This can be
exploited to cause a Denial of Service on a vulnerable mail server by
supplying a format specifier "%n" as an argument to the command.
A malicious person might be able to exploit the vulnerabilities to
compromise a vulnerable system. However, this has not been confirmed.
SOLUTION:
There is no update available.
Restrict access to the POP3 service so that only trusted IP addresses
can access the service. If this isn't possible you should implement a
firewall or proxy, which can filter malicious POP3 requests.
REPORTED BY / CREDITS:
D4rkGr3y
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]