WebShield SMTP domain name period denial of service
webshield-smtp-dos (5100)
Description:
Network Associates WebShield is vulnerable to a denial of service attack caused by a domain name with a trailing period. Normally, a domain name and the same domain name followed by a period should be treated identically. An attacker can send an email that contains a trailing period after the domain name through the WebShield SMTP service, causing the program to enter an infinite loop of sending itself a copy of the email. This infinite loop can consume all available resources on the computer and cause it to crash. To restore normal functionality, the server must be restarted and the offending email must be deleted.
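A defensive sketch of the two checks this description implies, added here as an example and not taken from WebShield or the advisory: canonicalise the domain before any local/remote comparison, and refuse to relay a message that has already passed through this host several times. The host name, thresholds and sample message are constructed assumptions.

```python
# Added example: hypothetical relay checks, not WebShield code.
from email import message_from_string

LOCAL_DOMAINS = {"mail.example.com"}  # constructed local domain (assumption)
MAX_HOPS = 25                         # assumed overall hop limit
MAX_OWN_HOPS = 3                      # assumed limit for passes through this host

def canonical_domain(address: str) -> str:
    """Domain part of an address, lowercased, with the trailing root dot removed."""
    domain = address.strip().strip("<>").rpartition("@")[2]
    return domain.rstrip(".").lower()

def is_local_naive(address: str) -> bool:
    # Weak form: byte-for-byte comparison treats "example.com." as a foreign domain.
    return address.rpartition("@")[2] in LOCAL_DOMAINS

def is_local(address: str) -> bool:
    # Corrected form: compare canonical names only.
    return canonical_domain(address) in LOCAL_DOMAINS

def by_host(received_value: str) -> str:
    """Host named in the 'by' clause of one Received header, canonicalised."""
    tokens = received_value.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok.lower() == "by":
            return tokens[i + 1].rstrip(".;").lower()
    return ""

def looks_like_loop(raw_message: str, own_host: str) -> bool:
    """True if the Received trace shows too many hops overall or via this host."""
    received = message_from_string(raw_message).get_all("Received", [])
    own = own_host.rstrip(".").lower()
    own_hops = sum(1 for value in received if by_host(value) == own)
    return len(received) >= MAX_HOPS or own_hops >= MAX_OWN_HOPS

# Constructed sample: a message that has already been handled three times locally.
LOOPING = (
    "Received: from mail.example.com by mail.example.com. with SMTP; Fri, 18 Aug 2000 16:12:23 -0500\n"
    "Received: from mail.example.com by mail.example.com. with SMTP; Fri, 18 Aug 2000 16:12:22 -0500\n"
    "Received: from client.example.net by mail.example.com with SMTP; Fri, 18 Aug 2000 16:12:21 -0500\n"
    "From: sender@example.net.\nTo: user@mail.example.com\nSubject: constructed sample\n\nbody\n"
)
CLEAN = (
    "Received: from client.example.net by mail.example.com with SMTP; Fri, 18 Aug 2000 16:12:21 -0500\n"
    "From: sender@example.net\nTo: user@mail.example.com\nSubject: constructed sample\n\nbody\n"
)
```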
Platforms Affected:
- McAfee, WebShield 4.5
Remedy:
No remedy available as of July 4, 2009.
Consequences:
Denial of Service
References:
- BugTraq Mailing List, Fri Aug 18 2000 - 16:12:21 CDT, WebShield SMTP infinite loop DoS Attack at http://archives.neohapsis.com/archives/bugtraq/2000-08/0237.html.
- BID-1589: Network Associates WebShield SMTP Trailing Period DoS Vulnerability
- CVE-2000-0738: WebShield SMTP 4.5 allows remote attackers to cause a denial of service by sending e-mail with a From: address that has a . (period) at the end, which causes WebShield to continuously send itself copies of the e-mail.
Reported:
Aug 18, 2000
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
