Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Multiples Remotes DoS Attacks in MDaemonServer v2.8.5.0Vulnerability
From: n-miwa () LAC CO JP (Nobuo Miwa)
Date: Wed, 1 Dec 1999 16:04:08 -0500


Another issue related to 350 simultaneous MDConfig connections has
recently surfaced at ASCII Japan.  MDaemon can be configured to allow
secure MDConfig connections which will prevent this problem from ever
occurring.  This can be done now, however the 11/30/99 full patch will
contain additional coding to prevent such a problem from occuring in
the event that the system admin has left the port wide open for anyone
to exploit.

I can't see that patch. And besides,it is NOT affected only on MDConfig
port. I can see same problem on POP port.
So, all MDaemon 2.8.5 users should use that patch for preventing
that too much connect() DoS. Not just MDConfig port.

Nobuo Miwa

<Nobuo Miwa> n-miwa () lac co jp  ( @ @ ) http://www.lac.co.jp/security/
--------------------------o00o--(. .)--o00o--------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]