 Gordano Messaging Suite (GMS) Can Be Crashed By Remote Users Sending Certain Invalid URLs
Category: Vulnerability
Posted: 2003-09-12 by ReCall
 Details
Description: Some vulnerabilities were reported in the Gordano Messaging Suite (GMS) mail server. A remote user can cause the web-based services to crash. A remote authenticated user can obtain information about the system.



It is reported that a remote user can send an HTTP GET request such as "/../.." to the GMS web server on TCP port 80 to cause the 'www.exe' process to crash. As a result, all GMS web-based services are shut down, the report said. The service must be restarted to return to normal operations.



On the Linux platform, the 'www' process does not crash but instead fails to time out. In this case, the remote user can open multiple connections to cause the target server to become busy and deny service to other users.



It is also reported that a remote authenticated user can access the 'alertlist.mml' script to obtain information about the system, including usernames, domains, login times, and other information. A demonstration exploit URL is provided:



http://[target]:8000/admin/reports/alertlist.mml
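A defender-side check for the two request patterns described above, as an added example that is not part of the original advisory or the vendor's code: it scans access-log lines for request targets that resolve above the web root (such as "/../..", including percent-encoded forms) and for requests to alertlist.mml. The Common Log Format input, the sample lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: access logs are in Common Log Format; the advisory does not
# describe the log format GMS itself writes.
CLF = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]*\] "(\S+) ([^\s"]+)')

def request_path(target):
    """Percent-decode the path part of a request target."""
    return unquote(target.split("?", 1)[0]).replace("\\", "/")

def climbs_above_root(target):
    """True if resolving '..' segments would step above '/'."""
    depth = 0
    for seg in request_path(target).split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False

def triage(lines):
    """Return (client, user, reason, target) for each suspicious request."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue
        client, user, _method, target = m.groups()
        if climbs_above_root(target):
            hits.append((client, user, "path-above-root", target))
        elif request_path(target).lower().endswith("/admin/reports/alertlist.mml"):
            hits.append((client, user, "alertlist-access", target))
    return hits

# Constructed sample lines (documentation addresses, invented user and paths).
SAMPLE = [
    '192.0.2.10 - - [12/Sep/2003:10:00:01 +0000] "GET /../.. HTTP/1.0" 400 0',
    '192.0.2.10 - - [12/Sep/2003:10:00:02 +0000] "GET /%2e%2e/%2e%2e HTTP/1.0" 400 0',
    '198.51.100.7 - alice [12/Sep/2003:10:05:00 +0000] "GET /admin/reports/alertlist.mml HTTP/1.0" 200 5120',
    '198.51.100.7 - alice [12/Sep/2003:10:06:00 +0000] "GET /mail/../index.mml HTTP/1.0" 200 812',
    '203.0.113.5 - - [12/Sep/2003:10:07:00 +0000] "GET /index.html HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit)
```

A hit on alertlist.mml is a prompt to check whether the logged account should be reading admin reports; a path-above-root hit followed by a gap in logging is consistent with the crash the report describes.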



Impact: A remote user can cause the GMS web-based services to crash. A remote authenticated user can obtain information about the system, such as usernames, domains, login times, and other information.



Solution: The vendor has provided the following fixes:

Linux: ftp://ftp.gordano.com/gms/3138/hotfixes/h20030905/linux/www_h20030905.zip

Windows: ftp://ftp.gordano.com/gms/3138/hotfixes/h20030905/windows/www_h20030905.zip
 