From peter.grundl@DEFCOM.COM Tue Mar 20 14:07:27 2001 From: "[iso-8859-1] Peter Gründl" To: BUGTRAQ@SECURITYFOCUS.COM Date: Tue, 20 Mar 2001 14:19:49 +0100 Subject: [BUGTRAQ] def-2001-13: NTMail Web Services DoS [The following text is in the "iso-8859-1" character set] [Your display is set for the "US-ASCII" character set] [Some characters may be displayed incorrectly] ====================================================================== Defcom Labs Advisory def-2001-13 NTMail Web Services DoS Author: Peter Gründl Release Date: 2001-03-20 ====================================================================== ------------------------=[Brief Description]=------------------------- NTMails web services contain a flaw that could allow a malicious attacker to crash the web services using a malformed URL. ------------------------=[Affected Systems]=-------------------------- - NTMail V6.0.3c for Windows NT/2000 ----------------------=[Detailed Description]=------------------------ It appears that while fixing another URL related problem, Gordano accidently introduced a new one. The web services on TCP ports 8000 and 9000 are both vulnerable to a "LongURL attack". That means that a request larger than 255 characters will crash the service. A crash will take down the services listening on TCP ports: 8000 (NTMail configuration), 8025, 8080, 8888 and 9000 (GLWebMail). ---------------------------=[Workaround]=----------------------------- Install the patch located at: ftp://ftp.gordano.com/ntmail6/hotfixes/ntmail6C_Intel_20010317.zip -------------------------=[Vendor Response]=-------------------------- This issue was brought to the vendor's attention on the 9th of March, 2001 and a patch was released by the vendor on the 17th of March 2001. ====================================================================== This release was brought to you by Defcom Labs labs@defcom.com www.defcom.com ======================================================================