Infinite InterChange is a Windows-based mail server for organizations that need to expand their network messaging. Infinite InterChange has many functions, ranging from standalone mail server to Internet gateway. A security vulnerability in the product allows a Denial of Service attack against it and possibly the execution of arbitrary code.
Credit:
The information has been provided by SNS Research.
Vulnerable systems:
Infinite InterChange 3.61
One of Interchange's main features is a popular webmail interface. This interface and its supporting HTTP server are subject to a Denial of Service attack through a malformed POST request.
The HTTP server that ships with InterChange contains an overflow in the POST command. Submitting a specially crafted POST request of 963 bytes or more to the server's HTTP port will cause the program to crash.
Example:
$ telnet victim.example.com 80
POST aaa..aaa [963+ bytes] HTTP/1.0
The server process will die.
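Detection example (added here, not part of the original advisory or the vendor's code): a check that can be run over captured HTTP request bytes, for instance from a proxy or IDS in front of the webmail port, to flag POST request lines at or above the 963-byte size reported above. Measuring the whole request line against the threshold is an assumption, since the advisory does not say exactly which bytes are counted; the function name and the sample requests are constructed for illustration.

```python
ADVISORY_THRESHOLD = 963  # bytes, the size reported in the advisory


def inspect_request(raw: bytes, limit: int = ADVISORY_THRESHOLD) -> dict:
    """Classify the request line of one captured HTTP request."""
    # The request line ends at the first LF. A request with no line
    # terminator at all is measured over every byte received so far.
    end = raw.find(b"\n")
    terminated = end != -1
    line = (raw[:end] if terminated else raw).rstrip(b"\r")

    parts = line.split(b" ")
    method = parts[0].decode("ascii", "replace").upper()
    # Well-formed request line: METHOD SP request-target SP HTTP/x.y
    well_formed = len(parts) == 3 and parts[2].startswith(b"HTTP/")
    target_len = len(parts[1]) if len(parts) >= 2 else 0
    oversized = len(line) >= limit

    return {
        "method": method,
        "line_len": len(line),
        "target_len": target_len,
        "terminated": terminated,
        "well_formed": well_formed,
        "oversized": oversized,
        # Alert only on the case the advisory describes: an oversized POST.
        "alert": method == "POST" and oversized,
    }


# Constructed sample requests (not taken from real traffic).
SAMPLES = {
    "normal_post": b"POST /webmail/login HTTP/1.0\r\nContent-Length: 0\r\n\r\n",
    "just_under": b"POST /" + b"c" * 947 + b" HTTP/1.0\r\n\r\n",
    "long_post": b"POST " + b"a" * 963 + b" HTTP/1.0\r\n\r\n",
    "long_get": b"GET /" + b"b" * 1200 + b" HTTP/1.0\r\n\r\n",
    "unterminated_post": b"POST " + b"a" * 2000,
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        r = inspect_request(raw)
        flag = "ALERT" if r["alert"] else "ok"
        print(f"{name:18} {flag:5} method={r['method']} "
              f"line_len={r['line_len']} terminated={r['terminated']}")
```

The "oversized" field is reported for every method so that long request lines on other verbs can still be reviewed, while "alert" stays limited to the POST case the advisory documents.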
Vendor Response:
Vendor has been notified.