IronMail 5.0.1 Denial of Service Protection Lets Remote Users Deny Service
Date
====
November 29, 2005 ? Research and Testing
Junary 10, 2006 ? Update Release
Vulnerability
=============
SYN attack Denial of Service (Flood Connections)
Severity
========
High
Affect Products
===============
IronMail <= 5.0.1
Local/ Remote
=============
Remote
Vendor Status
=============
Not response yet
Reference about the product
===========================
http://www.ciphertrust.com/products/cclass/
Credit
======
Alex Hernandez, (Bug Hunter)
Mark Ludwik, (Researcher)
Contact
=======
Mark Ludwick [at] d-fender.com
Description
===========
The IronMail C-class is designed to handle the email traffic of the most demanding email environments in the world,
including ISPs and multinational corporations with several geographically dispersed gateways.
Vulnerability Description
=========================
A vulnerability was reported in IronMail. A remote user can cause denial of service conditions.
If the target IronMail service is configured with "Denial of Service Protection" enabled, then a remote user can
generate a TCP SYN flood, sending malformed packets via multiple connections to cause the server to become busy.
Proof of Concept
================
You can use hping or perl scripts to created malformed packets and multiple connections. The service remains busy
and not blocks the DoS DDoS attacks.
IronMail 5.0.1 Denial of Service Protection Lets Remote Users Deny Service
Date
====
November 29, 2005 ? Research and Testing
Junary 10, 2006 ? Update Release
Vulnerability
=============
SYN attack Denial of Service (Flood Connections)
Severity
========
High
Affect Products
===============
IronMail <= 5.0.1
Local/ Remote
=============
Remote
Vendor Status
=============
Not response yet
Reference about the product
===========================
http://www.ciphertrust.com/products/cclass/
Credit
======
Alex Hernandez, (Bug Hunter)
Mark Ludwik, (Researcher)
Contact
=======
Mark Ludwick [at] d-fender.com
Description
===========
The IronMail C-class is designed to handle the email traffic of the most demanding email environments in the world,
including ISPs and multinational corporations with several geographically dispersed gateways.
Vulnerability Description
=========================
A vulnerability was reported in IronMail. A remote user can cause denial of service conditions.
If the target IronMail service is configured with "Denial of Service Protection" enabled, then a remote user can
generate a TCP SYN flood, sending malformed packets via multiple connections to cause the server to become busy.
Proof of Concept
================
You can use hping or perl scripts to created malformed packets and multiple connections. The service remains busy
and not blocks the DoS DDoS attacks.
[ reply ]