OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
NTSecAdvice Archives: FW: Remote DoS Attack in WorldClient Serv

FW: Remote DoS Attack in WorldClient Server v2.0.0.0 Vulnerability

Subject: FW: Remote DoS Attack in WorldClient Server v2.0.0.0 Vulnerability
From: John Liss (johnlLISSPRODUCTIONS.TZO.COM)
Date: Tue Dec 07 1999 - 12:20:25 CST

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- From deerfields webpages:

- ->Problem:
- ->
- ->Recent DoS attack reported on MDaemon.
- ->
- ->Version affected:
- ->
- ->MDaemon 2.8.5.0 and 2.8.6.0
- ->
- ->Problem in detail:
- ->
- ->1. Entering a long URL in WorldClient Standard that ships
- ->with MDaemon
- ->2.8.5.0/2.8.6.0 will crash the WorldClient service possibly
- ->allowing the
- ->remote execution of harmful code.
- ->
- ->2. Entering a long URL in WebConfig that ships with MDaemon
- ->2.8.5.0/2.8.6.0
- ->will crash the WebConfig service possibly allowing the
- ->remote execution of harmful code.
- ->
- ->Solution:
- ->
- ->1. MDaemon 2.8.5.0/2.8.6.0 users: Download the following hotfix and
- ->execute it:
- ->
- ->2. Double click the file downloaded. File is in zip format
- ->and you must
- ->have Winzip to execute file extraction.
- ->
- ->3. Shutdown MDaemon
- ->
- ->4. Extract WDaemon.exe - replaces the file of the same
- ->name in either the
- ->\WC\ or \WCSTANDARD\ directory (depends on the MDaemon version you are
- ->using).
- ->
- ->5. Extract WebConfig.exe - replaces the file of the same name in the
- ->\WEBCONFIG\ directory.
- ->
- ->6. Start MDaemon. Your version of MDaemon will not change.
- ->
- ->Download Hotfix
- ->ftp://ftp1.deerfield.com/pub/mdaemon/md285fix.zip
- ->
- ->
- ->- ->-----Original Message-----
- ->- ->From: Windows NTBugtraq Mailing List
- ->- ->[mailto:NTBUGTRAQLISTSERV.NTBUGTRAQ.COM]On Behalf Of Ussr Labs
- ->- ->Sent: Wednesday, November 24, 1999 5:21 PM
- ->- ->To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
- ->- ->Subject: Remote DoS Attack in WorldClient Server v2.0.0.0
- ->- ->Vulnerability
- ->- ->
- ->- ->
- ->- ->Remote DoS Attack in WorldClient Server v2.0.0.0 Vulnerability
- ->- ->
- ->- ->PROBLEM:
- ->- ->UssrLabs found a buffer overflow in WorldClient Server
- ->- ->v2.0.0.0 where they
- ->- ->do not use proper bounds checking.
- ->- ->The following all result in a Denial of Service against
- ->the service in
- ->- ->question.
- ->- ->
- ->- ->affected services:
- ->- ->
- ->- ->WorldClient: Port 2000
- ->- ->
- ->- ->This two remotes services are affected to overflow of you
- ->- ->send a large url
- ->- ->name.
- ->- ->
- ->- ->Like: http:/serverip/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
- ->- ->
- ->- ->For the Binary / Source for this WorldClient Server
- ->v2.0.0.0 Denial of
- ->- ->Service:
- ->- ->
- ->- ->Go To: http://www.ussrback.com/mdeam285/
- ->- ->
- ->- ->
- ->- ->Vendor Status:
- ->- ->Contacted.
- ->- ->
- ->- ->Vendor Url: http://www.mdaemon.com
- ->- ->
- ->- ->Credit: USSRLABS
- ->- ->
- ->- ->SOLUTION
- ->- -> Nothing yet.
- ->- ->
- ->- ->u n d e r g r o u n d s e c u r i t y s y s t e m s r
- ->e s e a r c h
- ->- ->http://www.ussrback.com
- ->- ->
- ->-----BEGIN PGP SIGNATURE-----
- ->Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>
- ->
- ->iQA/AwUBOEOGfw75wjx9aTiDEQJ/nwCfepNzbdhfKAQXIY6Ayos2QKh9NusAnii/
- ->T+E0MO4Tc3YqD7mrEyqSkPaF
- ->=DKOn
- ->-----END PGP SIGNATURE-----
- ->
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>

iQA/AwUBOE1P6Q75wjx9aTiDEQJcpACglkGhZj1PpuZxctIgYE8HAXtVOscAoMkh
kiSRQWQMY2cpjYzXrbq6oeR3
=cefn
-----END PGP SIGNATURE-----

_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net

This archive was generated by hypermail 2b27 : Tue Dec 07 1999 - 13:12:36 CST