MAILsweeper for SMTP Corrupt CDA Document DoS

2000-10-26T04:34:26
ID OSVDB:5830
Type osvdb
Reporter Raj Wurttemberg(raj@starbase-01.com)
Modified 2000-10-26T04:34:26

Description

Vulnerability Description

MAILsweeper for SMTP contains a flaw that may allow a remote denial of service. The issue is triggered when a corrupt document is attached to an email, and will result in loss of availability for the MAILsweeper service.

Solution Description

Upgrade to version 4.1_7 or higher, as it has been reported to fix this vulnerability by adding a 5-minute time out for each message. An upgrade is required as there are no known workarounds.

Short Description

MAILsweeper for SMTP contains a flaw that may allow a remote denial of service. The issue is triggered when a corrupt document is attached to an email, and will result in loss of availability for the MAILsweeper service.

References:

Vendor Specific Solution URL: http://www.mimesweeper.com/support/msw/patch_smtp.aspx Mail List Post: http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0181.html ISS X-Force ID: 5641 CVE-2000-0932