/********************************************************** * * m00 security advistory #005 * * Memory-leak vulnerability in EServ/3.00 * * www.m00security.org * ************************************************************/ --------------------------------- Product: eServ Version: 2.95-3.00 OffSite: www.eserv.ru --------------------------------- Overview: eServ includes Mail, News, Web, FTP and Proxy Servers. It's the most popular russian server. Problem description: Several time ago similar vulnerability was founded in EServ/2.99 by SECURITEAM. It was noted, that EServ doesn't free alocated memory in the heap after each disconnect. We have discovered that similar problem exists in newest version of EServ. It's possible to kill EServ and freeze the whole system by sending a lot of data to EServ HTTP-service. We have tested this vulnerability in LAN against win2k. EServ ate all virtual-memory with total speed 10mb/s. Exploit: Remote Denial-of-Service exploit (*nix and win32 versions) against EServ/2.95-3.0 you can find on our official site: m00.void.ru Solution: Vendor was informated about vulnerability. Patched EServ/2.99 u can find here: ftp://ftp.eserv.ru/pub/beta/2.99/Eserv3463.zip (c) m00 Security / m00.void.ru
