++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ Ability Mail server 1.18 Dos attack and Css Vulnerabilities+
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Date: 11/07/2004


Severity:
Low

Systems Affected:
Microsoft Windows NT 4.0 (all versions)
Microsoft Windows 2000 (SP3 and earlier)
Microsoft Windows XP (all versions)
windows 9x

Description:
"Ability Mail Server has been designed to be small, fast, reliable, advanced and very feature rich.
This easy to use mail server supports SMTP, POP3, IMAP4, WebMail, Remote Admin, Virus Protection and
much more."
Two vulnerabilities have been identified in Ability mail server 1.18 that may allow a malicious user
to get access to a remote sustem or cause a Dos attack.

1 - The first vulnerability is an Xss attack. Input passed to "errormsg" parameter isn't properly sanitised
before being returned to users.This can be exploited to execute arbitrary HTML and script code in a user's
browser session in contextof a vulnerable site by tricking the user into visiting a malicious website or 
follow a specially crafted link.

example: http://127.0.0.1:8000/_error?id=[id]&errormsg=[exploit_code]
example: http://127.0.0.1:8000/_error?id=[id]&errormsg=<script>alert(document.cookie)</script>

2 - The second vulnerability is a denial of service condition. By establishing about 150-200 connections
with three services at the same time CPU usage will hit 100% and the system will stop offering any services.

example: Try to establish at the same time  150-200 connection with Webmail service(8000),
admin service(8880) and SMTP service (25).

Workaround:
Use another product.


Credit:
Dr_insane
Http://members.lycos.co.uk/r34ct/


Feedback
Please send your comments to: dr_insane@pathfinder.gr