COMMAND

    MDaemon

SYSTEMS AFFECTED

    MDaemon 3.5.4

PROBLEM

    Following is based on a Defcom Labs Advisory def-2001-11 by  Peter
    Grundl.   Webservices in  the Mdaemon  package can  be crashed  by
    requesting a malicious URL.

    There is  a problem  with the  way the  Worldclient (default  port
    3000)  and  the  Webconfig  service  (default  port  3001)  handle
    requests for dos-devices.

    If  a   user  requests   eg.  "http://www.foo.org:3000/aux",   the
    Worldclient  service  will  crash.   The  same  fault  affects the
    Webconfig service.   The service  needs to  be restarted  from the
    Mdaemon console.

    The CON/CON didn't  affect NT (not  natively anyway).   Windows NT
    and 2000  run on  different kernels  than Win9x  (if you  can call
    those kernels?), and dos-devices (AFAIK) are implemented virtually
    on NT/2000.  A fully  patched Windows NT/2000 is still  vulnerable
    to this attack if the host runs Mdaemon < 3.5.6.  Besides it's not
    a request  for a  dos-device inside  a dos-device  (which is  what
    triggered the old Win9x DoS).

SOLUTION

    Upgrade to MDaemon 3.5.6:

        http://mdaemon.deerfield.com/download/getmdaemon.cfm