<<< Date Index >>>     <<< Thread Index >>>

IronMail-5.0.1-Denial of-Service-Protection-Lets-Remote-Users-Deny-Service



        IronMail 5.0.1 Denial of Service Protection Lets Remote Users Deny 
Service



Date
====
November 29, 2005 ? Research and Testing
Junary 10, 2006 ? Update Release

Vulnerability 
=============
SYN attack Denial of Service (Flood Connections)

Severity
========
High

Affect Products
===============
IronMail <= 5.0.1 
 
Local/ Remote
=============
Remote

Vendor Status
=============
Not response yet

Reference about the product
===========================
http://www.ciphertrust.com/products/cclass/

Credit
======
Alex Hernandez, (Bug Hunter)
Mark Ludwik, (Researcher)

Contact
=======
Mark Ludwick [at] d-fender.com


Description
===========
The IronMail C-class is designed to handle the email traffic of the most 
demanding email environments in the world,
including ISPs and multinational corporations with several geographically 
dispersed gateways. 

Vulnerability Description
=========================
A vulnerability was reported in IronMail. A remote user can cause denial of 
service conditions.
If the target IronMail service is configured with "Denial of Service 
Protection" enabled, then a remote user can 
generate a TCP SYN flood, sending malformed packets via multiple connections to 
cause the server to become busy.


Proof of Concept
================
You can use hping or perl scripts to created malformed packets and multiple 
connections. The service remains busy
and not blocks the DoS DDoS attacks.