Nmap Development mailing list archives
[NSE] Exploit for CVE-2010-4344 and CVE-2010-4345 - Exim SMTP server
From: Djalal Harouni <tixxdz () opendz org>
Date: Wed, 22 Jun 2011 23:43:24 +0100
Hi,

Please find attached a script that will try to check and exploit two vulnerabilities in the Exim SMTP server:

o CVE-2010-4344: heap overflow vulnerability [1]
o CVE-2010-4345: privilege escalation vulnerability [2]

The script was tested against Ubuntu and Debian. x86 architectures were exploited successfully. On x86_64 the smtpd child will be killed, but the script can detect this and report it.

To enable the exploit use the 'smtp-vuln-cve2010-4344.exploit' script argument, but keep in mind that it can send more than 50MB of data (50MB of 'Nmap' payload :) ), and you should avoid running this script with the debug level -d3.

The privilege escalation vulnerability is exploited only if the heap overflow exploit succeeds; otherwise the script will just check the versions.

For more information please read the description of the script.

Finally, some of the logic of this script is based on the metasploit module:
http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4344
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4345

--
tixxdz
http://opendz.org
Attachment: smtp-vuln-cve2010-4344.nse
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/