
Inframail Denial of Service Vulnerability

by phiber on March 28th, 2001




Introduction:



Inframail is an advanced SMTP, POP, HTTP and FTP server solution
available in 3 editions (Home, Small Business and Advantage) for
MS Windows 9x/NT/2k and Linux.



Inframail is available from vendor Infradig's website:

http://www.infradig.com



Problem:



There exists a parsing problem in the handling of 302 pages by the
server serving both the webpages and the administration interface for
the members of the Inframail product family.



This allows for a DoS against the system through a malformed POST
request consisting of a space followed by a long string (276 bytes
or more) of characters. The running services will freeze and the
program will need to be restarted to regain full functionality.



DoS example on the default HTTP port (80):



# telnet victim 80

POST / Ax276 bytes/ HTTP/1.1



after which the running services freeze. The same effect can be
witnessed when running the above against the administration port
(default 81).
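
The request shape described above can be recognised in captured traffic or by a front-end filter before it reaches the server. The following is an added example, not part of the original advisory or the vendor's code. The 276-byte threshold is from the advisory; the function names, the 8192-byte line cap and the sample lines are assumptions constructed for illustration.

```python
# Added example: classify HTTP request lines and flag the shape reported in
# this advisory (a POST whose request target is followed by a space and an
# extra token of 276 bytes or more).

LONG_TOKEN_BYTES = 276   # length reported in the advisory
MAX_LINE_BYTES = 8192    # assumed overall cap, not from the advisory


def classify_request_line(raw: bytes) -> str:
    """Return 'ok', 'malformed' or 'suspect-inframail-dos' for one request line."""
    line = raw.rstrip(b"\r\n")
    if len(line) > MAX_LINE_BYTES:
        return "malformed"
    parts = line.split(b" ")
    # Well-formed request line: method SP request-target SP HTTP-version.
    # Simplification: methods are assumed to be purely alphabetic.
    if (len(parts) == 3 and parts[0].isalpha() and parts[1]
            and parts[2].startswith(b"HTTP/")):
        return "ok"
    # Advisory shape: POST, a target, then one or more extra tokens, one of
    # which is very long. The trailing HTTP-version may or may not be present.
    if parts[0] == b"POST":
        has_version = parts[-1].startswith(b"HTTP/")
        extra = parts[2:-1] if has_version else parts[2:]
        if any(len(tok) >= LONG_TOKEN_BYTES for tok in extra):
            return "suspect-inframail-dos"
    return "malformed"


def scan(lines):
    """Return (index, verdict) for every request line that is not 'ok'."""
    verdicts = ((i, classify_request_line(l)) for i, l in enumerate(lines))
    return [(i, v) for i, v in verdicts if v != "ok"]


# Constructed sample request lines (not captured from a real system).
SAMPLES = [
    b"GET /index.html HTTP/1.1\r\n",
    b"POST /login HTTP/1.0\r\n",
    b"POST / " + b"A" * 276 + b"/ HTTP/1.1\r\n",
    b"POST / short extra HTTP/1.1\r\n",
]

if __name__ == "__main__":
    for idx, verdict in scan(SAMPLES):
        print(idx, verdict)
```
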



Solution:



Vendor has been notified and has corrected this issue. A new release
(v3.98a) of this product has been made available from the vendor's
website.



This was tested against Inframail v3.97a running on MS Windows NT.



- Credit for this vulnerability goes to SNS Research

