Have you been on Venus? j/k :-)
It is listed on SecurityFocus.com even. It is a Known issue... and it needs fixed.
BTW, SMTP has not been updated since 6.0 so you are running 6.0 not 6.3... and the
problem does exist.
Thank you!
--
Ed Taylor
---------- Original Message ----------------------------------
From: "R. Scott Perry" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Tue, 11 Apr 2000 11:42:06 -0400
> Still no word on a fix? With all these IPSwitch people answering the
> small/easy questions why isn't the BIG one being resolved or even
> acknowledged?
How about explaining where the DOS possibility lies?
I have been following this for a while now. I can see where IMail breaks
the RFC (it doesn't send a CRLF in its response to AUTH CRAM-MD5). But how
does this relate to a DOS attack?
The URL you list states that the problem is that when one user is "stuck" in
this state, nobody else can access the SMTP server. But, using 6.03, I
tested this, and can not reproduce it. I telnet in with one session, enter
AUTH CRAM-MD5, and get the expected erroneous result (no CRLF). But, while
leaving that telnet session open, I can start another which works fine. I
can not get it to lock up.
Either the problem has been fixed in 6.03, or it in not being described well
enough.
-Scott
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
