FirstClass Internet Services large To: header denial of service
| firstclass-large-bcc-dos (4843) |  Medium Risk |
Description:
FirstClass Internet Services is vulnerable to a denial of service attack. If a message is received that has a unusually large To: header (such as many spam messages do), it causes the FCIS server processes to hang and have to be restarted.
Platforms Affected:
- Larry Doolittle and Jon Nelson, Boa Webserver
Remedy:
No remedy available as of July 4, 2009.
Consequences:
Denial of Service
References:
- NTBugTraq Mailing List, Tue, 27 Jun 2000 23:11:43 -0400, DoS in FirstClass Internet Services 5.770 at http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0006&L=ntbugtraq&F=P&S=&P=10788.
- BID-1421: Centrinity FirstClass Intranet Server Long Header Denial of Service Vulnerability
- CVE-2000-0570: FirstClass Internet Services server 5.770, and other versions before 6.1, allows remote attackers to cause a denial of service by sending an email with a long To: mail header.
- OSVDB ID: 5718: FirstClass Internet Services Email To Overflow
Reported:
Jun 27, 2000
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net