Khalil Shreateh specializes in cybersecurity, particularly as a "white hat" hacker. He focuses on identifying and reporting security vulnerabilities in software and online platforms, with notable expertise in web application security. His most prominent work includes discovering a critical flaw in Facebook's system in 2013. Additionally, he develops free social media tools and browser extensions, contributing to digital security and user accessibility.

Get Rid of Ads!


Subscribe now for only $3 a month and enjoy an ad-free experience.

Contact us at khalil@khalil-shreateh.com

Latest Posts

 

 

VIGILANTE-2000008.txt

Details
Written by: khalil shreateh
Category: Vulnerabilities
Hits: 10
VIGILANTE-2000008.txt
VIGILANTE-2000008.txt
VIGILANTE-2000008.txt

NTMail Configuration Service DoS

Advisory Code: VIGILANTE-2000008

Release Date:
September 4, VIGILANTE-2000008.txt

NTMail Configuration Service DoS

Advisory Code: VIGILANTE-2000008

Release Date:
September 4, 2000

Systems Affected:
- NTMail V5 Alpha Processor
- NTMail V5 Intel Processor
- NTMail V6 Alpha Processor
- NTMail V6 Intel Processor

THE PROBLEM
The web configuration running on TCP port 8000 does not flush incomplete
HTTP requests, and thus it is possible to use up all the server ressources
within a very short time. During testing the CPU usage stayed around 90-99%
and within 2 minutes the www.exe service had consumed more than 250MB of
memory. An attack might result in the service crashing, when the system hits
the maximum pagefile size.

Vendor Status:
Gordano was contacted on the 19th of August (Saturday) and a reply was
received on the 21st of August. On The 22nd of August we received a fix,
which appears to fix the problem.

Fix (quote from the vendor):
"Gordano Limited, developers of the award winning mail server NTMail, are
pleased to have worked with Vigilante.com to secure their product
and protect their customers from a potential DoS exploit."

NTMail V5 Alpha Processor fix URL:
ftp://ftp.gordano.com/ntmail5/hotfixes/ntmail5g_alpha_20000830.zip

NTMail V5 Intel Processor fix URL:
ftp://ftp.gordano.com/ntmail5/hotfixes/ntmail5g_intel_20000830.zip

NTMail V6 Alpha Processor fix URL:
ftp://ftp.gordano.com/ntmail6/hotfixes/ntmail6_alpha_20000830.zip

NTMail V6 Intel Processor fix URL:
ftp://ftp.gordano.com/ntmail6/hotfixes/ntmail6_intel_20000830.zip


Vendor URL: http://www.gordano.com/
Product URL: http://www.ntmail.co.uk/
Copyright VIGILANTe 2000-08-19

Disclaimer:
The information within this document may change without notice. Use of
this information constitutes acceptance for use in an AS IS
condition. There are NO warranties with regard to this information.
In no event shall the author be liable for any consequences whatsoever
arising out of or in connection with the use or spread of this
information. Any use of this information lays within the user's
responsibility.

Feedback:
Please send suggestions, updates, and comments to:

VIGILANTe
mailto: This email address is being protected from spambots. You need JavaScript enabled to view it.
http://www.vigilante.com
Social Media Share