Bugtraq mailing list archives

Re: Multiples Remotes DoS Attacks in MDaemonServer v2.8.5.0Vulnerability

From: n-miwa () LAC CO JP (Nobuo Miwa)
Date: Wed, 1 Dec 1999 16:04:08 -0500

Hi,

Another issue related to 350 simultaneous MDConfig connections has
recently surfaced at ASCII Japan.  MDaemon can be configured to allow
secure MDConfig connections which will prevent this problem from ever
occurring.  This can be done now, however the 11/30/99 full patch will
contain additional coding to prevent such a problem from occuring in
the event that the system admin has left the port wide open for anyone
to exploit.


I can't see that patch. And besides,it is NOT affected only on MDConfig
port. I can see same problem on POP port.
So, all MDaemon 2.8.5 users should use that patch for preventing
that too much connect() DoS. Not just MDConfig port.

Nobuo Miwa

<Nobuo Miwa> n-miwa () lac co jp  ( @ @ ) http://www.lac.co.jp/security/
--------------------------o00o--(. .)--o00o--------------------------

Current thread:

Fwd: RE: Multiples Remotes DoS Attacks in MDaemon Server v2.8.5.0 Vulnerability Arvel Hathcock (Nov 30)
- Re: Multiples Remotes DoS Attacks in MDaemonServer v2.8.5.0Vulnerability Nobuo Miwa (Dec 01)
- Insecure default permissions for MailMan Professional Edition, version 3.0.18 S, Jared (Dec 01)
- Remote DoS Attack in Serv-U FTP-Server v2.5a Vulnerability Ussr Labs (Dec 02)
- Slackware 7.0 - login bug Stewart Gebbie (Dec 02)