qcred11
Jul 12 2004, 10:00 PM
Ability Mail Server Lets Remote Users Deny Service and Conduct Cross-Site Scripting Attacks
| QUOTE |
Date: 11/07/2004
Severity:
Low
Systems Affected:
Microsoft Windows NT 4.0 (all versions)
Microsoft Windows 2000 (SP3 and earlier)
Microsoft Windows XP (all versions)
windows 9x
Description:
"Ability Mail Server has been designed to be small, fast, reliable, advanced and very
feature rich.
This easy to use mail server supports SMTP, POP3, IMAP4, WebMail, Remote Admin, Virus
Protection and
much more."
Two vulnerabilities have been identified in Ability mail server 1.18 that may allow a
malicious user
to get access to a remote sustem or cause a Dos attack.
1 - The first vulnerability is an Xss attack. Input passed to "errormsg" parameter isn't
properly sanitised
before being returned to users.This can be exploited to execute arbitrary HTML and script
code in a user's
browser session in contextof a vulnerable site by tricking the user into visiting a
malicious website or
follow a specially crafted link.
example: http://127.0.0.1:8000/_error?id=[id]&errormsg=[exploit_code]
example: http://127.0.0.1:8000/_error?id=[id]&errormsg=<script>alert(document.cookie)</script>
2 - The second vulnerability is a denial of service condition. By establishing about
150-200 connections
with three services at the same time CPU usage will hit 100% and the system will stop
offering any services.
example: Try to establish at the same time 150-200 connection with Webmail service(8000),
admin service(8880) and SMTP service (25).
Workaround:
Use another product.
Credit:
Dr_insane
Http://members.lycos.co.uk/r34ct/
Feedback
Please send your comments to: dr_insane@pathfinder.gr
|
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.
