NetWin DMail dlist authentication bypass
dmail-dlist-bypass-authentication (20412)
Description:
NetWin DMail could allow a remote attacker to bypass authentication and view log files or cause a denial of service. A remote attacker could connect to the dlist.exe mailing list server on TCP port 7111 and send sendlog or shutdown commands to view log files or shut down the service.
Consequences:
Bypass Security
Remedy:
No remedy available as of July 9, 2011.
References:
- DMail Web site: DMail -- Unix/Windows Mail Server Software.
- SIG^2 Vulnerability Research Advisory Release Date: 03 May 2005: NetWin DMail Server Two Vulnerabilities.
- BID-13497: NetWin DMail DList Remote Authentication Bypass Vulnerability
- CVE-2005-1516: DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass authentication, read log files, and shutdown the system via a sendlog command with an incorrect password hash, which is not properly handled by the _cmd_sendlog function.
- SA15242: NetWin DMail Server Two Vulnerabilities
Platforms Affected:
- NetWin DMail 3.1a NT
Reported:
May 03, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
