Alt-N WorldClient 2.2.2 DOS-Device Denial of Service Vulnerability

Bugtraq ID:	2478
Class:	Failure to Handle Exceptional Conditions
CVE:
Remote:	Yes
Local:	No
Published:	Mar 15 2001 12:00AM
Updated:	Mar 15 2001 12:00AM
Credit:	Reported by Gründl <[email protected]>
Vulnerable:	Alt-N WorldClient 2.2.2 + Alt-N MDaemon 3.5.4
Not Vulnerable:	Alt-N WorldClient 2.2.3 + Alt-N MDaemon 3.5.6

Alt-N WorldClient 2.2.2 DOS-Device Denial of Service Vulnerability

Alt-N WorldClient 2.2.2 (Standard and Pro, Windows NT/2000 versions - included with versions of MDaemon email server prior to 3.5.6) can be crashed by requesting a DOS-Device name (eg., AUX, PRN, CON1, etc). A restart of the service is required to restore normal functioning.

Alt-N WorldClient 2.2.2 DOS-Device Denial of Service Vulnerability

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Alt-N WorldClient 2.2.2 DOS-Device Denial of Service Vulnerability

Solution:
Upgrade to at least version 3.5.6 of the MDaemon server (or 2.2.3 of WorldClient), available from Deerfield.


Alt-N WorldClient 2.2.2

• Alt-N wcsetup.exe
  ftp://ftp1.deerfield.com/pub/current/wcsetup.exe

Alt-N WorldClient 2.2.2 DOS-Device Denial of Service Vulnerability

References:

• Alt-N Homepage (Alt-N)
  
• MDaemon Server v3.X Release Notes (Alt-N)
  
• WorldClient Product Homepage (Alt-N)
  
• WorldClient Server Release Notes (Alt-N)