At 03:55 AM 1/9/00 +0000, you wrote:
>Does this mean any significant threat?
A DoS attack poses the threat of just that -- denial of service. If you
maintain a mail server that is extremely mission critical, then yes it
does. The worst thing that will happen is people not being able to send or
receive mail. This isn't the type of exploit that could allow someone to
get information from your servers or network.
If you're worried about the possibility of denial of service, you can
disable the IMAIL Monitor service. Most of the time you'll want to monitor
your crucial services from another machine or outside of your network anyway.
Jonathan
>Is this problem fixed in 6.02?
No clue.
>IMail IMonitor Subject ot Denial of Service
>Reported January 5, 1999 by USSRLabs
>
>VERSIONS AFFECTED
>IMail IMonitor
>DESCRIPTION
>
>UssrLabs discovered a denial of service condition in IMail
>IMONITOR Server for WinNT Version 5.08 and possibly other versions as well.
>
>A cgi script entitle status.cgi checks to see if the server services are
>running. By executing the script numerous times in a short period of time
>Imonitor will crash citing an "Invalid Memory Address."
>
>VENDOR RESPONSE
>
>IPSwitch has been informed of the issue (tracking number
>IMS2000010500000096) however no fix was available at the time of this writing.
>
>CREDITS
>Discovered by USSRLabs
>
>Please visit http://www.ipswitch.com/support/mailing-lists.html
>to be removed from this list.
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
