Info

Disclosure

Dec 31, 2004

Discovery

Dec 04, 2004

Dates

Exploit

Dec 31, 2004

Solution

Unknown

Description

Macallan Mail Solution contains a flaw that may allow a remote denial of service. The issue is triggered when sending a specially crafted HTTP GET request which begins with a question mark character, and will result in loss of availability for the MCPop3 service.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Upgrade to version 4.1.1.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Macallan

Macallan Mail Solution

4.0.6.8 (Build 786)

References

Security Tracker: 1012746
Bugtraq ID: 12137
Related OSVDB ID: 12674
Secunia Advisory ID: 13710
ISS X-Force ID: 18727
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-01/0002.html
Vendor URL: http://macallan.club.fr/MMS/index.html
Other Advisory URL: http://www.cirt.dk/Advisories/cirt-27-advisory.pdf

Credit

Dennis Rand - advisorycirt.dk - Danish Computer Incident Response Team

Direct URL: http://osvdb.org/36218