Skip navigation

MDaemon 2.5.8 Subject to DoS - 22 Nov 1999

MDaemon Server 2.5.8.0 Subject to DoS
Reported November 24, 1999 by
USSRLABS
VERSIONS AFFECTED
  • MDaemon 2.8.5.0

DESCRIPTION

USSRLabs discovered serveral denial of service conditions in Deerfield.com"s MDaemon Server v2.8.5.0. The problems are the result of buffer overflow conditions within the program code.

DEMONSTRATION

The problem affects services on ports 2000 (WorldClient) and 2002 (WebConfig.) By sending very long URLs (524 chars or more) to the services listening on those ports, the service can be made to crash, thus denying service to valid users.

VENDOR RESPONSE

UssrLabs notified Deefield.com about this problem, however no response is unknown at this time.

CREDITS
Discovered by USSRLABS

Posted here at NTSecurity.net on November 24, 1999
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish