Message-ID: <Pine.LNX.4.44.0405112216320.2881-100000@scratch>
From: nd at felinemenace.org (ned)
Subject: Mdaemon 7.0.1 IMAP overflow.
Let it be known that this bug is after authentication ("postauth") and
therefore useless.
In the current version of Mdaemon from ALTN there exists an easy to
exploit, run-of-the-mill stack overflow.
By authenticating and sending a large argument to the STATUS command in
the IMAP component, a buffer will be overflowed, and an access violation
will be caused.
To reproduce:
cd SMUDGE; wget http://felinemenace.org/~nd/SMUDGE/Mdaemon/Mdaemon7.0.1Stack.py; python Mdaemon7.0.0.1Stack.py.
Change the user and password first.
Thanks to:
- Dave Aitel for his neat spike scripts which convert to SMUDGE scripts
quite easily :)
- rootkit.com
Not sure if the vendor knows about it.
Thanks,
nd
ps: second public release from the UBC, we have to make space for the new
vulns :)
--
http://felinemenace.org/~nd
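
Added example, not part of the original post or of the SMUDGE script it links to: a defender-side check that measures the mailbox argument of IMAP STATUS commands (atom, quoted string, or {n} literal announcement) and flags oversized ones in captured client lines. The 255-byte threshold, the function names, and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed threshold (not from the advisory): longer mailbox arguments are flagged.
MAX_MAILBOX_LEN = 255

# tag SP "STATUS" SP mailbox [SP (status items)]
_STATUS = re.compile(rb'^(\S+) STATUS (.*)$', re.IGNORECASE)
# IMAP literal announcement, e.g. {8192} or non-synchronizing {8192+}
_LITERAL = re.compile(rb'^\{(\d+)\+?\}$')


def status_mailbox_len(line: bytes):
    """Length of the STATUS mailbox argument, or None if not a STATUS command."""
    m = _STATUS.match(line.rstrip(b"\r\n"))
    if not m:
        return None
    rest = m.group(2)
    lit = _LITERAL.match(rest)
    if lit:  # the declared size is what the server will try to read next
        return int(lit.group(1))
    if rest.startswith(b'"'):  # quoted string, honouring backslash escapes
        i, n = 1, 0
        while i < len(rest) and rest[i:i + 1] != b'"':
            if rest[i:i + 1] == b'\\':
                i += 1  # skip the escape character itself
            i += 1
            n += 1
        return n
    return len(rest.split(b' ', 1)[0])  # atom: runs to the next space


def oversized_status(lines, limit=MAX_MAILBOX_LEN):
    """Return (line_number, argument_length) for every STATUS over the limit."""
    hits = []
    for no, line in enumerate(lines, start=1):
        n = status_mailbox_len(line)
        if n is not None and n > limit:
            hits.append((no, n))
    return hits


# Constructed client-to-server lines, not taken from a real capture.
SAMPLE = [
    b'a1 NOOP\r\n',
    b'a2 STATUS INBOX (MESSAGES UNSEEN)\r\n',
    b'a3 STATUS "' + b'A' * 2000 + b'" (MESSAGES)\r\n',
    b'a4 status {8192}\r\n',
    b'a5 SELECT INBOX\r\n',
]

if __name__ == "__main__":
    for no, n in oversized_status(SAMPLE):
        print(f"line {no}: STATUS mailbox argument of {n} bytes")
```

The same length check can sit in an IMAP-aware proxy or be run over session logs after the fact; since the bug is post-authentication, correlate hits with the account that logged in on that connection.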