If IronMail-5.0.1 is configured with "Denial of Service Protection" enabled, then a remote user can generate a TCP SYN flood, sending malformed packets via multiple connections to cause the server to become busy resulting in DOS.
120c146955918d7fdcd88bc8f6b3764dbffad44a4160ac82040a3a38c7940369
IronMail 5.0.1 Denial of Service Protection Lets Remote Users Deny Service
Date
====
November 29, 2005 – Research and Testing
Junary 10, 2006 – Update Release
Vulnerability
=============
SYN attack Denial of Service (Flood Connections)
Severity
========
High
Affect Products
===============
IronMail <= 5.0.1
Local/ Remote
=============
Remote
Vendor Status
=============
Not response yet
Reference about the product
===========================
https://www.ciphertrust.com/products/cclass/
Credit
======
Alex Hernandez, (Bug Hunter)
Mark Ludwik, (Researcher)
Contact
=======
Mark Ludwick [at] d-fender.com
Description
===========
The IronMail C-class is designed to handle the email traffic of the most demanding email environments in the world,
including ISPs and multinational corporations with several geographically dispersed gateways.
Vulnerability Description
=========================
A vulnerability was reported in IronMail. A remote user can cause denial of service conditions.
If the target IronMail service is configured with "Denial of Service Protection" enabled, then a remote user can
generate a TCP SYN flood, sending malformed packets via multiple connections to cause the server to become busy.
Proof of Concept
================
You can use hping or perl scripts to created malformed packets and multiple connections. The service remains busy
and not blocks the DoS DDoS attacks.
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed