Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.10137
Category:Denial of Service
Title:MDaemon DoS
Summary:NOSUMMARY
Description:Description:

It was possible to crash the remote SMTP server
by opening a great amount of sockets on it.


This problem allows an attacker to make your
SMTP server crash, thus preventing you
from sending or receiving e-mails, which
will affect your work.


*** Note that due to the nature of this vulnerability,
*** Nessus can not be 100% positive on the effectiveness of
*** this flaw. As a result, this report might be a false positive

Solution :
If your SMTP server is constrained to a maximum
number of processes, i.e. it's not running as
root and as a ulimit 'max user processes' of
256, you may consider upping the limit with 'ulimit -u'.

If your server has the ability to protect itself from
SYN floods, you should turn on that features, i.e. Linux's CONFIG_SYN_COOKIES

The best solution may be Cisco's 'TCP intercept' feature.


Risk factor : High

Cross-Ref: BugTraq ID: 8554
Common Vulnerability Exposure (CVE) ID: CVE-1999-0846
Bugtraq: 19991129 MDaemon 2.7 J DoS (Google Search)
Bugtraq: 19991130 Fwd: RE: Multiples Remotes DoS Attacks in MDaemon Server v2.8.5.0 Vulnerability (Google Search)
CopyrightThis script is Copyright (C) 1999 Renaud Deraison

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.