Skip navigation
Menu
Security

IP Mail Denial of Service

 

Reported August 17, 2000 by eEye Digital Security

 VERSIONS AFFECTED
  • IMail Server 6.0 through 6.04 (Intel version only)

DESCRIPTION

 Each time a connection is made to the Web Messaging interface (port 8181 by default) a new thread is spawned to handle that connection. The thread can be made to crash by sending a string of 500 or more characters in association with an HTTP 1.1 HEAD command, which overruns the receiving buffer. Any memory resources allocated for the thread are not released by the system, which provides a means to repeatedly perform the exploit. Such action would exhaust all available system resources leading to a denial of service attack against the system.

VENDOR RESPONSE

IPSwitch has has released a patch to correct this vulnerability. 

CREDIT
Discovered by eEye Digital Security

Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
a digital padlock icon with multiple colors
Cybersecurity Workforce Sustainability Has a Problem. DEI Could Be the Solution.
May 06, 2024
the word acronym spelled out with wooden pieces
Cybersecurity Acronyms Cheat Sheet
May 06, 2024
clinician securely sharing sensitive healthcare data across mobile devices and medical practices
How to Ensure Data Protection, IT Security, and Compliance in Life Sciences
Apr 30, 2024
DevSecOps concept
90% of Java Services in Production Have Vulnerability Risk, DevSecOps Report Finds
Apr 20, 2024