Infinite InterChange DoS

[SNS Research <vuln-dev () greyhack com>]

Strumpf Noir Society Advisories
! Public release !
<--#


-= Infinite InterChange DoS =-

Release date: Thursday, 21 December, 2000


Introduction:

Infinite InterChange is a Win95/98/NT/2k mailserver for organizations that need
to expand their network messaging. Infinite InterChange has many functions,
ranging from standalone mailserver to Internet gateway.

InterChange can be found at vendor Infinite's website, http://www.ihub.com


Problem:

One of Interchange's main features is a popular webmail interface. This interface
and it's supporting HTTP server are subject to a Denial of Service attack through
a malformed POST request.


Problem:

The HTTP server coming with InterChange contains an overflow in the POST command.
Submitting a specially crafted POST request comprised of 963 bytes or more to the
server's HTTP port will cause the program to crash.

This can be as simple as:

telnet victim 80
GET aaa(963+ bytes) HTTP/1.0

At which point the server-process will die.


(..)


Solution:

Vendor has been notified. This was tested against Infinite InterChange 3.61.


Note:

In our correspondence with the vendor another problem was not reproducable, so no
resources were devoted to both. Though this is partially understandable, we regret
this decision since it leaves us no means of predicting when above will be fixed.


yadayadayada

SNS Research is rfpolicy (http://www.wiretrip.net/rfp/policy.html)
compliant, all information is provided on AS IS basis.

EOF, but Strumpf Noir Society will return!