SmarterMail Web Server Denial of Service Vulnerability - Security


Editor Login \| Register		Ekle

> World > Security

SmarterMail Web Server Denial of Service Vulnerability - Security - World -

CWRedLight

(Date : 08.04.2008 17:01:54)

SmarterMail Web Server Denial of Service Vulnerability

Secunia Advisory:	SA29732
Release Date:	2008-04-08

Critical:	Moderately critical
Impact:	DoS
Where:	From remote
Solution Status:	Unpatched

Software:	SmarterMail 5.x

	This advisory is currently marked as unpatched! - Companies can be alerted when a patch is released!

Description:
Matteo Memelli has reported a vulnerability in SmarterMail, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the HTTP request handling in SmarterMail Web Server (SMWebSvr.exe), which can be exploited to terminate the service by sending e.g. an overly long GET, HEAD, PUT, POST, or TRACE request.

The vulnerability is reported in version 5.0.2999. Other versions may also be affected.

Solution:
Restrict network access to trusted users.

Provided and/or discovered by:
Matteo Memelli

Derecelendir

Kaynak

http://secunia.com/advisories/29732/

İçerik İhbarı

Bağlantılar: bilgininefendisi.net

Open Source Document Project

AUP&TOS