header-logo
Suggest Exploit
vendor:
MsgCore SMTP Server
by:
SecurityFocus
7.5
CVSS
HIGH
Denial of Service
400
CWE
Product Name: MsgCore SMTP Server
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Denial of Service in Nosque Workshop’s MsgCore SMTP Server

There is a denial of service condition in Nosque Workshop's MsgCore SMTP server. The problem lies in memory used to store server input not being deallocated and eventually exhausted, causing the target NT host to freeze requiring a reboot. If a smtp client (or user sending input manually) sends multiple sequences of 'HELO/ MAIL FROM/ RCPT TO / DATA' in a single connection, the memory allocated to store all of those values will not be freed and the target will stop functioning once memory runs out.

Mitigation:

The vendor has released a patch to address this issue.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/930/info

There is a denial of service condition in Nosque Workshop's MsgCore SMTP server. The problem lies in memory used to store server input not being deallocated and eventually exhausted, causing the target NT host to freeze requiring a reboot. If a smtp client (or user sending input manually) sends multiple sequences of "HELO/ MAIL FROM/ RCPT TO / DATA" in a single connection, the memory allocated to store all of those values will not be freed and the target will stop functioning once memory runs out. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19725.zip

Navigation

Suggest Exploit

Services By CQR