SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   WinGate Vendors:   Qbik IP Management Limited
WinGate IMAP Service Lets Remote Authenticated Users Deny Service
SecurityTracker Alert ID:  1020644
SecurityTracker URL:  http://securitytracker.com/id/1020644
CVE Reference:   CVE-2008-3606   (Links to External Site)
Updated:  Aug 15 2008
Original Entry Date:  Aug 8 2008
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 6.2.2
Description:   A vulnerability was reported in WinGate. A remote authenticated user can cause denial of service conditions.

A remote authenticated user can send a specially crafted LIST command to cause the target service to prevent additional IMAP connections.

A demonstration exploit is provided:

A01 LOGIN <user> <password>
A02 LIST Ax1000 *

The vendor has been notified.

Joao Antunes reported this vulnerability.

Impact:   A remote authenticated user can prevent the target IMAP service from accepting IMAP connections.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.wingate.com/ (Links to External Site)
Cause:   Resource error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  [AJECT] WinGate Email Server (IMAP) vulnerability

----------------------------------------
Synopsis
----------------------------------------
WinGate is vulnerable to denial-of-service (DoS) attacks caused  
probably by a resource exhaustion vulnerability.
The IMAP server ceases to provide access to its clients after  
processing a LIST command with a large parameter (see details bellow).

Product: WinGate
Version: 6.2.2 and probably the older versions
Vendor: Qbik (www.wingate.com)
Type: Denial-of-service
Risk: service disruption
Remote: Yes
2008
Exploit: Not Available
Solution: Not Available
Status: Developers were contacted several times since the  
vulnerability was discovered.


----------------------------------------
Vulnerability Description
----------------------------------------
The vulnerability can be triggered by sending the following messages  
to the imap server:
A01 LOGIN <user> <password>
A02 LIST Ax1000 *

Depending on the server's resources, it may be required to repeat the  
above exploit to deplete its resources. (in a 512MB RAM configuration,  
the exploit was executed twice)
The above exploit caused the server to reject all subsequent  
connections with a "NO access denied" reply thus resulting in a remote  
denial of service.


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC