Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Windows Net Apps :: bt1047.txt

Gordano Messaging Suite - Multiple Vulnerabilities

Release Date: 09/04/2003 

Gordano Messaging Suite – Multiple Vulnerabilities 

Gordano Messaging Suite is the powerful messaging server running on
Windows, Linux, Solaris and AIX. It is being used by over twenty four
thousand customers, in more than ninety countries, covering all sectors
(Airlines, Press, Government Agencies, Education, Industry, etc..)”

Gordano Messaging Suite is being widely used by some major organizations
such as Compaq, Xerox, NASA, Cisco System, AT&T, FedEx etc

More information at 

Version : Gordano Messaging Suite version 9, build
3138 (latest build) 
Tested Platform : Windows 2000, Windows XP
Professional, Linux(x86) 

Multiple vulnerabilities in Gordano Messaging Suite
(GMS) result in DoS attack and information disclosure
(usernames, login time, domains, etc…). 

[Vulnerability #1] Remote DoS 

x:\<Gordano Path>/bin/WWW.exe listens on the following
ports to provide GMS Administration, WebMail
Professional, WebMail Express, WebMail Mobile, Instant
Messaging, and Web Server services to users: 80, 8000,
8025, 8081, 8888, 9000. 

When a user sending a request like this /../.. to GMS
Web Server at port 80 will cause www.exe process
terminated and all services that WWW.exe provides are
shutdown immediately. 

~$ telnet 
Connected to 
Escape character is '^]'. 
GET /../.. HTTP/1.0 

Connection closed by foreign host. 

On Linux, the vulnerability doesn’t cause the
/gordano/bin/WWW process terminated but it never times
out and if an attacker opens up like 15-20 connections
sending /../.. requests it will probably enough to
keep GMS Server busy and deny providing services to
other legitimate users. 

Restarting the service is needed in order to gain
normal functionality. 

[Vulnerability #2] Information Disclosure [require
valid user credential] 

Alertlist.mml provides information about users who
have logged in to the GMS Server and discloses some
useful information to the attackers such as usernames,
domains, logged in time, etc…. and it’s supposed to be
accessed by GMS Server's Administrator only but a
normal WebMail user can also access to that script
without the need of login as an admin.

Vendor has verified the issues and click on the
following links to download the patch. 

Linux platform :

Windows platform :

Author: Phuong Nguyen 

Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH