Peter Gründl wrote:
>
> ======================================================================
> Defcom Labs Advisory def-2001-11
>
> MDaemon 3.5.4 Dos-Device DoS
>
> Author: Peter Gründl <[EMAIL PROTECTED]>
> Release Date: 2001-03-15
> ======================================================================
> ------------------------=[Brief Description]=-------------------------
> Webservices in the Mdaemon package can be crashed by requesting a
> malicious URL.
>
> ------------------------=[Affected Systems]=--------------------------
> - MDaemon 3.5.4 Standard for Windows NT/2000
> - MDaemon 3.5.4 Pro for Windows NT/2000
>
> ----------------------=[Detailed Description]=------------------------
> There is a problem with the way the Worldclient (default port 3000)
> and the Webconfig service (default port 3001) handle requests for dos-
> devices.
>
> If a user requests eg. "http://www.foo.org:3000/aux", the Worldclient
> service will crash. The same fault affects the Webconfig service.
> The service needs to be restarted from the Mdaemon console.
I don't know, but it's a CON/CON old bug, isn't it?
If you pacthed your NT Box, the app is not vulnerable to this BUG, isn't it?
Sem mais,
--
+---------------------------------------------------------------------+
|Nelson Brito | Security Networks / IBQN |
| | Avenida General Justo, 365 - 4° Andar - Centro|
|Security Analyst | 20.021-130 - Rio de Janeiro - RJ - Brasil |
|Penetration Tester | +55.021.282-1351 R. 104 |
| | [EMAIL PROTECTED] |
+---------------------------------------------------------------------+
|"Windows NT can also be protected from nmap OS detection scans thanks|
|to *Nelson Brito* ..." |
| Trecho do livro "Hack Proofing your Network", página 93|
+---------------------------------------------------------------------+