exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

VIGILANTE-2000008.txt

VIGILANTE-2000008.txt
Posted Sep 6, 2000
Authored by Vigilante | Site vigilante.com

Vigilante Advisory #8 - NTMail Configuration Service v5 & v6 denial of service. The web configuration running on TCP port 8000 does not flush incomplete HTTP requests, and thus it is possible to use up all the server ressources within a very short time.

tags | exploit, web, denial of service, tcp
SHA-256 | c9fec19beb463e9c88ed288d26e1bc526386517c5982cb2f718dc275c18ea22b

VIGILANTE-2000008.txt

Change Mirror Download
NTMail Configuration Service DoS

Advisory Code: VIGILANTE-2000008

Release Date:
September 4, 2000

Systems Affected:
- NTMail V5 Alpha Processor
- NTMail V5 Intel Processor
- NTMail V6 Alpha Processor
- NTMail V6 Intel Processor

THE PROBLEM
The web configuration running on TCP port 8000 does not flush incomplete
HTTP requests, and thus it is possible to use up all the server ressources
within a very short time. During testing the CPU usage stayed around 90-99%
and within 2 minutes the www.exe service had consumed more than 250MB of
memory. An attack might result in the service crashing, when the system hits
the maximum pagefile size.

Vendor Status:
Gordano was contacted on the 19th of August (Saturday) and a reply was
received on the 21st of August. On The 22nd of August we received a fix,
which appears to fix the problem.

Fix (quote from the vendor):
"Gordano Limited, developers of the award winning mail server NTMail, are
pleased to have worked with Vigilante.com to secure their product
and protect their customers from a potential DoS exploit."

NTMail V5 Alpha Processor fix URL:
ftp://ftp.gordano.com/ntmail5/hotfixes/ntmail5g_alpha_20000830.zip

NTMail V5 Intel Processor fix URL:
ftp://ftp.gordano.com/ntmail5/hotfixes/ntmail5g_intel_20000830.zip

NTMail V6 Alpha Processor fix URL:
ftp://ftp.gordano.com/ntmail6/hotfixes/ntmail6_alpha_20000830.zip

NTMail V6 Intel Processor fix URL:
ftp://ftp.gordano.com/ntmail6/hotfixes/ntmail6_intel_20000830.zip


Vendor URL: http://www.gordano.com/
Product URL: http://www.ntmail.co.uk/
Copyright VIGILANTe 2000-08-19

Disclaimer:
The information within this document may change without notice. Use of
this information constitutes acceptance for use in an AS IS
condition. There are NO warranties with regard to this information.
In no event shall the author be liable for any consequences whatsoever
arising out of or in connection with the use or spread of this
information. Any use of this information lays within the user's
responsibility.

Feedback:
Please send suggestions, updates, and comments to:

VIGILANTe
mailto: swat@vigilante.com
http://www.vigilante.com

Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close