IP Mail Denial of Service


Reported August 17, 2000 by
eEye Digital Security

  • IMail Server 6.0 through 6.04 (Intel version only)


Each time a connection is made to the Web Messaging interface (port 8181 by default), a new thread is spawned to handle that connection. The thread can be made to crash by sending a string of 500 or more characters in association with an HTTP 1.1 HEAD command, which overruns the receiving buffer. Memory resources allocated for the thread are not released by the system, so the exploit can be performed repeatedly. Doing so would exhaust all available system resources, resulting in a denial of service against the system.


IPSwitch has released a patch to correct this vulnerability.
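The two defects described above (an unchecked copy of the request line and per-thread resources that are never released) are avoided in a handler like the following. This is an added example, not IMail or vendor patch code; the names `handle_request`, `conn_ctx` and `live_context_count` are hypothetical, and the 499-character limit is an assumption chosen to sit below the 500-character trigger the advisory cites.

```c
#include <stdlib.h>
#include <string.h>

/* Assumption: longest request line accepted, below the advisory's 500-character trigger. */
#define MAX_REQUEST_LINE 499

static int live_contexts = 0;   /* per-connection allocations not yet released */

struct conn_ctx {
    char line[MAX_REQUEST_LINE + 1];
};

/* Returns an HTTP status: 200 accepted, 400 malformed,
 * 414 request line too long, 500 allocation failure. */
int handle_request(const char *data, size_t len)
{
    int status;
    struct conn_ctx *ctx = malloc(sizeof *ctx);
    if (ctx == NULL)
        return 500;
    live_contexts++;

    /* Locate the end of the request line inside the received bytes only. */
    const char *eol = memchr(data, '\n', len);
    size_t line_len = eol ? (size_t)(eol - data) : len;
    if (line_len > 0 && data[line_len - 1] == '\r')
        line_len--;

    if (line_len > MAX_REQUEST_LINE) {
        status = 414;           /* reject before copying, never truncate silently */
        goto done;
    }
    memcpy(ctx->line, data, line_len);
    ctx->line[line_len] = '\0';

    if (strncmp(ctx->line, "HEAD ", 5) != 0 && strncmp(ctx->line, "GET ", 4) != 0) {
        status = 400;
        goto done;
    }
    status = 200;

done:
    free(ctx);                  /* released on every exit path, including errors */
    live_contexts--;
    return status;
}

int live_context_count(void) { return live_contexts; }
```

The length check happens before the copy, and the single `done:` exit guarantees the per-connection context is freed even when the request is rejected.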

Discovered by
eEye Digital Security
