<<< Date Index >>>     <<< Thread Index >>>

Memory-leak vulnerability in EServ/3.00



/**********************************************************
*
*               m00 security advistory #005
*
*        Memory-leak vulnerability in EServ/3.00
*
*                    www.m00security.org
*
************************************************************/

---------------------------------
Product: eServ
Version: 2.95-3.00
OffSite: www.eserv.ru
---------------------------------

Overview:

eServ includes Mail, News, Web, FTP and Proxy Servers.
It's the most popular russian server.

Problem description:

Several time ago similar vulnerability was founded in EServ/2.99
by SECURITEAM. It was noted, that EServ doesn't free
alocated memory in the heap after each disconnect. We have discovered
that similar problem exists in newest version of EServ.
It's possible to kill EServ and freeze the whole system by sending
a lot of data to EServ HTTP-service.
We have tested this vulnerability in LAN against win2k. EServ ate
all virtual-memory with total speed 10mb/s.

Exploit:

Remote Denial-of-Service exploit (*nix and win32 versions) against
EServ/2.95-3.0 you can find on our official site: m00.void.ru

Solution:

Vendor was informated about vulnerability.
Patched EServ/2.99 u can find here:
ftp://ftp.eserv.ru/pub/beta/2.99/Eserv3463.zip

(c) m00 Security / m00.void.ru