# Title : Denial of Service in McAfee Email Gateway (formerly IronMail)
# Published : 2010-04-06
# Author : Nahuel Grisolia
Advisory Name: Denial of Service in McAfee Email Gateway (formerly IronMail)
Vulnerability Class: Denial of Service
Release Date: Tue Apr 6, 2010
Affected Applications: Secure Mail (Ironmail) ver.6.7.1
Affected Platforms: FreeBSD 6.2 / Apache-Coyote 1.1
Local / Remote: Local
Severity: Medium - CVSS: 4.6 (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Researcher: Nahuel Grisolía
Vendor Status: Official Patch Released. Install McAfee Email Gateway 6.7.2 Hotfix 2.
Reference to Vulnerability Disclosure Policy: http://www.cybsec.com/vulnerability_policy.pdf
Vulnerability Description:
Users inside the CLI can run some kind of "Fork Bomb" in order to saturate system resources because of an insecure ulimit value.
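The weakness described above is an unbounded per-user process limit in a restricted shell session. The following is an added example, not code from the advisory or from McAfee: it audits the process limit (`RLIMIT_NPROC`, what `ulimit -u` reports) and shows a login wrapper pinning both the soft and hard value before starting a child. The ceiling of 256 and all function names are assumptions chosen for illustration, and it runs on any POSIX host with Python, not on the appliance CLI.

```python
import resource
import subprocess
import sys

# Assumed policy ceiling for an interactive restricted shell (not from the advisory).
MAX_SAFE_NPROC = 256

def assess_nproc(soft, hard, ceiling=MAX_SAFE_NPROC):
    """Classify a (soft, hard) RLIMIT_NPROC pair as seen by a session."""
    inf = resource.RLIM_INFINITY
    if soft == inf or soft > ceiling:
        return "unbounded"   # the session can spawn processes without a useful cap
    if hard == inf or hard > ceiling:
        return "soft-only"   # the user can raise the soft limit back up to the hard one
    return "bounded"

def capped_limits(cap, current_hard):
    """Limits to apply: never above a hard limit that is already in force."""
    if current_hard != resource.RLIM_INFINITY:
        cap = min(cap, current_hard)
    return (cap, cap)

def run_capped(argv, cap=MAX_SAFE_NPROC):
    """Start argv with soft and hard RLIMIT_NPROC pinned, as a login wrapper would."""
    _, hard = resource.getrlimit(resource.RLIMIT_NPROC)
    limits = capped_limits(cap, hard)

    def apply_limits():  # runs in the child between fork and exec
        resource.setrlimit(resource.RLIMIT_NPROC, limits)

    return subprocess.run(argv, preexec_fn=apply_limits,
                          capture_output=True, text=True, check=True)

def child_limits(cap=MAX_SAFE_NPROC):
    """Return the (soft, hard) limits a capped child actually inherits."""
    probe = "import resource; print(*resource.getrlimit(resource.RLIMIT_NPROC))"
    out = run_capped([sys.executable, "-c", probe], cap).stdout.split()
    return int(out[0]), int(out[1])

if __name__ == "__main__":
    print("this session:", assess_nproc(*resource.getrlimit(resource.RLIMIT_NPROC)))
    print("capped child:", assess_nproc(*child_limits()))
```

A "soft-only" result still matters: a soft limit alone does not hold, because the session user can lift it again up to the hard limit.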
Download:
http://www.exploit-db.com/sploits/cybsec_advisory_2010_0401.pdf