SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Server)  >   wMailServer Vendors:   SoftiaCom
wMailServer Can Be Crashed By Remote Users and Discloses Passwords to Local Users
SecurityTracker Alert ID:  1014450
SecurityTracker URL:  http://securitytracker.com/id/1014450
CVE Reference:   CVE-2005-2227   (Links to External Site)
Updated:  Jun 15 2008
Original Entry Date:  Jul 12 2005
Impact:   Denial of service via network, Disclosure of authentication information, Disclosure of user information
Exploit Included:  Yes  
Version(s): 1.0
Description:   Two vulnerabilities were reported in wMailServer. A remote user can cause the mail service to crash. A local user can obtain the administrative password.

A remote user can connect to the SMTP service on the target system and send approximately 539 characters to cause the target mail service to crash.

A demonstration exploit is available at:

http://alpha-infosound.org/secubox/.data/dos_wms/

The server stores passwords in plain text in the Windows Registry under 'HKEY_CURRENT_CONFIG\Software\Darsite\MAILSRV\Admin'.

fRoGGz reported this vulnerability.

Impact:   A remote user can cause the mail service to crash.

A local user can obtain the administrative password.

Solution:   No solution was available at the time of this entry.
Vendor URL:  www.softiacom.com/ (Links to External Site)
Cause:   Access control error, Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC