home *** CD-ROM | disk | FTP | other *** search
- Subject: [w00giving '99 #18] Ipswitch's IMonitor server (IMail package)
- Release Date: January 05, 2000
-
- Systems Affected:
- IMail IMONITOR v5.08 (port 8181) server for WinNT and possibly other
- versions.
-
- NOTE: IMail v6.0 isn't public; thus, it hasn't been tested.
-
- About The Software:
- Good for school, bussiness, and server providers. Unlike Microsoft
- Exchange and Lotus Notes, which are costly to deploy and cumbersome to
- administer, IMail is easy to install and manage.
-
- THE PROBLEM
-
- UssrLabs has found a vulnerability in status.cgi caused by making
- several sequential calls to status.cgi. This script checks to
- see what services are running and can cause an "invalid
- memory address error" in Dr. Watson when several requests are sent.
-
- Example:
- Open In Internet Explorer: http://ServerIp:8181/status.cgi and you
- will see something like this:
-
- |-----------------------|
- |Service | Status |
- |SMTP | UP |
- |POP3 | UP |
- |DNS | UP |
- |WEB | UP |
- |TELNET | UP |
- |FTP | UP |
- |03:33:00 | 03:32:00 |
- ...
-
- If you run status.cgi several times, the server will crash.
- Binary or source to this exploit: http://www.ussrback.com.
-
-
- Do you do the w00w00?
- This advisory also acts as part of w00giving. This is another
- contribution to w00giving for all you w00nderful people out there.
- You do know what w00giving is don't you? http://www.w00w00.org/advisories.html
-
- Vendor Status:
- Contacted--tracking number for this inquiry is IMS2000010500000096
-
- Program URL: http://www.ipswitch.com/Products/IMail_Server/index.asp
-
- SOLUTION
- Because Ipswitch doesn't release source, wait for them to provide
- a patch.
-
- Greetings:
- eEye, Attrition, w00w00, beavuh, Rhino9, ADM, L0pht, HNN,
- Technotronic, and Wiretrip
-
- u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h
- http://www.ussrback.com
-
