From securityteam@DELPHISPLC.COM Mon Jul 10 02:42:30 2000 From: Security Team To: BUGTRAQ@SECURITYFOCUS.COM Date: Thu, 1 Jun 2000 08:43:27 +0100 Subject: DST2K0006: Denial of Service Possibility in Imate WebMail Server v2.5 [The following text is in the "iso-8859-1" character set] [Your display is set for the "US-ASCII" character set] [Some characters may be displayed incorrectly] > ========================================================================== > ====== > Delphis Consulting Plc > ========================================================================== > ====== > > Security Team Advisories > [26/05/2000] > > > securityteam@delphisplc.com > [http://www.delphisplc.com/thinking/whitepapers/] > > ========================================================================== > ====== > Adv : DST2K0006 > Title : Denial of Service Possibility > Author : DCIST (securityteam@delphisplc.com) > O/S : Microsoft Windows NT v4.0 Workstation (SP6) > Product : Imate WebMail Server v2.5 > Date : 26/05/2000 > > I. Description > > II. Solution > > III. Disclaimer > > > ========================================================================== > ====== > > > I. Description > ========================================================================== > ====== > > Delphis Consulting Internet Security Team (DCIST) discovered the following > vulnerability in the Imate WebMail Server under Windows NT. > > Sending an email via SMTP to an Imate WebMail Server with a server name of > 1119 characters will cause the SMTP server to stop running. The service > must > be restarted manually. > > Example: > Telnet host 25 > HELO > > > II. Solution > ========================================================================== > ====== > > Vendor Status: Informed > Catware have an upgrade available from their support department. Delphis > would like to take this > opportunity to thank Catware for responding so quickly (within 24hrs), and > having a working fix within 96hrs. > > III. Disclaimer > ========================================================================== > ====== > THE INFORMATION CONTAINED IN THIS ADVISORY IS BELIEVED TO BE ACCURATE AT > THE TIME OF PRINTING, BUT NO REPRESENTATION OR WARRANTY IS GIVEN, EXPRESS > OR > IMPLIED, AS TO ITS ACCURACY OR COMPLETENESS. NEITHER THE AUTHOR NOR THE > PUBLISHER ACCEPTS ANY LIABILITY WHATSOEVER FOR ANY DIRECT, INDIRECT OR > CONSEQUENTIAL LOSS OR DAMAGE ARISING IN ANY WAY FROM ANY USE OF, OR > RELIANCE > PLACED ON, THIS INFORMATION FOR ANY PURPOSE. > ========================================================================== > ======