Hmmmm sorry, wrong order. right list.
This email should have been sent after the question posed to you after your
email.... confused.... sorry, my fault.
There was a question: what exactly does this DOS do (That's what the
response was aimed at, as it's not all clear to all list members, it wasn't
specifically aimed at you at all...)
Anthony
----- Original Message -----
From: "Ed Taylor" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 12, 2000 1:07 AM
Subject: Re: [IMail Forum] DoS vulnerability on Imail 5.x/6.x
> Anthony,
>
> Umm... I know what DoS means. Read my posts and I am sure you will see that.
>
> Why did you specify me?
>
> --
> Ed Taylor
>
> ----- Original Message -----
> From: "Anthony Santen" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, April 12, 2000 12:06 AM
> Subject: Re: [IMail Forum] DoS vulnerability on Imail 5.x/6.x
>
>
> Ed,
> DoS means Denial of Service.
> What is meant is that someone can Deny service to all Others by 'hitting'
> the server with a trick.
>
> Here is the trick:
> Let's say I want to render someone's Imail server Useless for a few days.
> All I have to do is use Eudora 4.3 and set it to log in to the Imail server.
>
> As this SINGLE function locks the entire AUTH service, no other user can
> send mail via that Imail server, until I decide to stop my Eudora login.
>
> Let's say I don't want to stop my Eudora login for a few days...... = DoS
>
> Anthony Santen
>
> ----- Original Message -----
> From: "Ed Taylor " <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, April 11, 2000 4:42 PM
> Subject: RE: [IMail Forum] DoS vulnerability on Imail 5.x/6.x
>
>
> > Have you been on Venus? j/k :-)
> >
> > It is listed on SecurityFocus.com even. It is a Known issue... and it needs fixed.
> >
> > BTW, SMTP has not been updated since 6.0 so you are running 6.0 not 6.3... and the problem does exist.
> >
> > Thank you!
> >
> > --
> > Ed Taylor
> >
> > ---------- Original Message ----------------------------------
> > From: "R. Scott Perry" <[EMAIL PROTECTED]>
> > Reply-To: [EMAIL PROTECTED]
> > Date: Tue, 11 Apr 2000 11:42:06 -0400
> >
> > > Still no word on a fix? With all these IPSwitch people answering the
> > > small/easy questions why isn't the BIG one being resolved or even
> > > acknowledged?
> >
> > How about explaining where the DOS possibility lies?
> >
> > I have been following this for a while now. I can see where IMail breaks
> > the RFC (it doesn't send a CRLF in its response to AUTH CRAM-MD5). But how
> > does this relate to a DOS attack?
> >
> > The URL you list states that the problem is that when one user is "stuck" in
> > this state, nobody else can access the SMTP server. But, using 6.03, I
> > tested this, and can not reproduce it. I telnet in with one session, enter
> > AUTH CRAM-MD5, and get the expected erroneous result (no CRLF). But, while
> > leaving that telnet session open, I can start another which works fine. I
> > can not get it to lock up.
> >
> > Either the problem has been fixed in 6.03, or it is not being described well
> > enough.
> > -Scott
> >
> > Please visit http://www.ipswitch.com/support/mailing-lists.html
> > to be removed from this list.
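
The thread describes a reply to AUTH CRAM-MD5 that arrives without its terminating CRLF. The following is an added example, not code from any poster or from Ipswitch: a check that reads one reply with a deadline and reports whether it was properly terminated. The function names, the timeout values and the sample challenge are assumptions made for illustration, and the "server" is a local socket pair fed constructed bytes.

```python
import base64
import socket

# Constructed sample challenge (not captured from any real server).
CHALLENGE = b"<12345.67890@mail.example>"
GOOD_REPLY = b"334 " + base64.b64encode(CHALLENGE) + b"\r\n"
BAD_REPLY = b"334 " + base64.b64encode(CHALLENGE)  # terminating CRLF missing

def read_reply(sock, timeout=0.5, limit=512):
    """Read one SMTP reply line with a deadline instead of blocking forever."""
    sock.settimeout(timeout)
    buf = b""
    try:
        while not buf.endswith(b"\r\n") and len(buf) < limit:
            chunk = sock.recv(limit - len(buf))
            if not chunk:
                return "closed", buf
            buf += chunk
    except socket.timeout:
        # Bytes arrived but the line never ended: a client waiting for CRLF stalls here.
        return ("unterminated" if buf else "silent"), buf
    return ("complete" if buf.endswith(b"\r\n") else "too_long"), buf

def check_cram_md5_challenge(sock, timeout=0.5):
    """Classify the reply to AUTH CRAM-MD5 and decode the challenge if present."""
    state, raw = read_reply(sock, timeout)
    code, _, rest = raw.partition(b" ")
    challenge = None
    if code == b"334":
        try:
            challenge = base64.b64decode(rest.strip(), validate=True).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            pass  # malformed challenge; leave it as None
    return {"state": state, "code": code.decode("ascii", "replace"),
            "challenge": challenge}

def demo(reply):
    """Feed constructed reply bytes through a local socket pair."""
    server, client = socket.socketpair()
    try:
        server.sendall(reply)
        return check_cram_md5_challenge(client, timeout=0.2)
    finally:
        server.close()
        client.close()

if __name__ == "__main__":
    print(demo(GOOD_REPLY))
    print(demo(BAD_REPLY))
```

To check a server you administer, pass `check_cram_md5_challenge` a connected socket on which `AUTH CRAM-MD5` has just been sent.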