CipherTrust IronMail远程拒绝服务漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1196181 漏洞类型 设计错误
发布时间 2006-02-03 更新时间 2006-04-28
CVE编号 CVE-2006-0538 CNNVD-ID CNNVD-200602-041
漏洞平台 N/A CVSS评分 2.6
|漏洞来源
https://cxsecurity.com/issue/WLB-2006020017
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200602-041
|漏洞详情
CipherTrustIronMail5.0.1在启用了"拒绝服务保护"之后,远程攻击者可以借助使用来自多个连接的畸形TCP包进行SYN洪水攻击来造成拒绝服务(可能导致高CPU占用率)。
|漏洞EXP
	IronMail 5.0.1 Denial of Service Protection Lets Remote Users Deny Service

Date
====
November 29, 2005 ? Research and Testing
Junary 10, 2006 ? Update Release

Vulnerability 
=============
SYN attack Denial of Service (Flood Connections)

Severity
========
High

Affect Products
===============
IronMail <= 5.0.1 
 
Local/ Remote
=============
Remote

Vendor Status
=============
Not response yet

Reference about the product
===========================
http://www.ciphertrust.com/products/cclass/

Credit
======
Alex Hernandez, (Bug Hunter)
Mark Ludwik, (Researcher)

Contact
=======
Mark Ludwick [at] d-fender.com

Description
===========
The IronMail C-class is designed to handle the email traffic of the most demanding email environments in the world,
including ISPs and multinational corporations with several geographically dispersed gateways.

Vulnerability Description
=========================
A vulnerability was reported in IronMail. A remote user can cause denial of service conditions.
If the target IronMail service is configured with "Denial of Service Protection" enabled, then a remote user can 
generate a TCP SYN flood, sending malformed packets via multiple connections to cause the server to become busy.

Proof of Concept
================
You can use hping or perl scripts to created malformed packets and multiple connections. The service remains busy
and not blocks the DoS DDoS attacks.
|参考资料

来源:BID
名称:16465
链接:http://www.securityfocus.com/bid/16465
来源:BUGTRAQ
名称:20060203IronMail-5.0.1-Denialof-Service-Protection-Lets-Remote-Users-Deny-Service
链接:http://www.securityfocus.com/archive/1/archive/1/423898/100/0/threaded
来源:SECTRACK
名称:1015555
链接:http://securitytracker.com/id?1015555
来源:XF
名称:ironmail-tcpsyn-flood-dos(24445)
链接:http://xforce.iss.net/xforce/xfdb/24445
来源:SREASON
名称:407
链接:http://securityreason.com/securityalert/407