Internet Anywhere DoS

 
Crashing Internet Anywhere Mail Server

Reported Feburary 10, 2000 by Nubuo Miwa

VERSIONS AFFECTED
Internet Anywhere Mail Server v3.1.3 Buld 1065

DESCRIPTION

Two problems were discovered in the mail server that can lead to denial of service attacks against the system.

Attack 1: by sending a specific string of characters as the parameter of the RETR command the server can be made to crash.

Attack 2: by opening 3000 or more connections on the SMTP port the server will respond with an error reporting to many connects. By sending a second large set of connections (800 or more) immediately thereafter the service will crash.

VENDOR RESPONSE

True North Software is working on a fix for the problem as of this writing.

CREDITS
Discovered by Nubuo Miwa

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish