Ipswitch IMail Server 5.x/6.x DoS Vulnerability
BID:1094
Info
Ipswitch IMail Server 5.x/6.x DoS Vulnerability
| Bugtraq ID: | 1094 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Apr 06 2000 12:00AM |
| Updated: | Apr 06 2000 12:00AM |
| Credit: | Posted to Bugtraq on April 5, 2000 by Anthony Santen <[email protected]>. |
| Vulnerable: |
Ipswitch IMail 6.2 Ipswitch IMail 6.1 Ipswitch IMail 6.0 Ipswitch IMail 5.0.8 Ipswitch IMail 5.0.7 Ipswitch IMail 5.0.6 Ipswitch IMail 5.0.5 Ipswitch IMail 5.0 |
| Not Vulnerable: | |
Discussion
Ipswitch IMail Server 5.x/6.x DoS Vulnerability
Due to the implementation of IMail's authentication scheme, the server could be remotely forced to stop responding to login requests. If the client fails to terminate the connection, IMail will not be able to authenticate any other users due to the fact that it can only authorize one user at a time.
Once the client times out the connection, IMail will regain normal functionality. Otherwise the service will have to be restarted.
Due to the implementation of IMail's authentication scheme, the server could be remotely forced to stop responding to login requests. If the client fails to terminate the connection, IMail will not be able to authenticate any other users due to the fact that it can only authorize one user at a time.
Once the client times out the connection, IMail will regain normal functionality. Otherwise the service will have to be restarted.
Solution / Fix
Ipswitch IMail Server 5.x/6.x DoS Vulnerability
Solution:
Ipswitch has released a patch for IMail Server, purchased version only. This patch does not fix the evaluation version.
Ipswitch IMail 6.0
Ipswitch IMail 6.1
Ipswitch IMail 6.2
Solution:
Ipswitch has released a patch for IMail Server, purchased version only. This patch does not fix the evaluation version.
Ipswitch IMail 6.0
-
Ipswitch imailsmtp
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/Imail/imailsmtp.exe
Ipswitch IMail 6.1
-
Ipswitch imailsmtp
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/Imail/imailsmtp.exe
Ipswitch IMail 6.2
-
Ipswitch imailsmtp
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/Imail/imailsmtp.exe
References
Ipswitch IMail Server 5.x/6.x DoS Vulnerability
References:
References:
- IMail - SMTP login problem for Eudora (Ipswitch)
- IMail Server Homepage (Ipswitch)