Rockliffe MailSite HTTP Management Agent WCONSOLE.DLL Crafted Parameter DoS

2006-01-20T07:48:14
ID OSVDB:22678
Type osvdb
Reporter Rahul Mohandas
Modified 2006-01-20T07:48:14

Description

Vulnerability Description

MailSite contains a flaw that may allow a remote denial of service. The issue is triggered when certain special characters are passed as parameters to WCONSOLE.DLL, and will result in loss of availability for the service.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Rockliffe has released a patch to address this vulnerability.

Manual Testing Notes

http://[target]:90/CGI-BIN/WCONSOLE.DLL?Authenticate|cmd

References:

Vendor URL: http://www.rockliffe.com/products/mailsite-email-server-software.asp
Vendor Specific Solution URL: ftp://ftp.rockliffe.com/MailSite/Latest/Hotfixes/
Secunia Advisory ID: 18551
Related OSVDB ID: 22677
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0750.html
FrSIRT Advisory: ADV-2006-0284
CVE-2006-0342
Bugtraq ID: 16331