#384 Buffer Overflow

Version_0.6
closed
POP3 (162)
9
2012-10-09
2004-10-02
No

A POP3 USER request with more than 180 bytes will start to corrupt the heap.
POP3 request (DoS attack):

Telnet localhost 110
+OK POP3 YahooPOPs! Proxy ready
[USER][180xA][BBBB]

As a result EAX and ECX will be overwritten.

SMTP request:
Sending a request with more than 504 bytes will overwrite ESP and cause a stack-based overflow.

Telnet localhost 25
220 YahooPOPs! Simple Mail Transfer Service Ready
[504xA] [BBBB]

As a result, the EIP register will be overwritten.

Please check http://www.hat-squad.com/en/000075.html
for a proof of concept...
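
Both overflows come from copying a received line without checking its length first. The following is an added example, not part of the original report and not YahooPOPs! code: a POP3 USER line parser that checks the length before any copy. The function names, the limits (255 octets per command line from RFC 2449, 40 per argument from RFC 1939) and the printable-ASCII rule are assumptions of this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define POP3_MAX_LINE 255  /* RFC 2449: whole command line, CRLF included */
#define POP3_MAX_ARG   40  /* RFC 1939: one argument */

enum { USER_OK = 0, USER_TOO_LONG = -1, USER_MALFORMED = -2 };

/* Hypothetical helper: extract <name> from "USER <name>\r\n".
 * line holds len received bytes and need not be NUL-terminated. */
int pop3_parse_user(const char *line, size_t len, char *out, size_t outsz)
{
    static const char kw[] = "USER ";
    size_t i, arglen;

    if (len > POP3_MAX_LINE)
        return USER_TOO_LONG;            /* refuse before any copy happens */
    if (len < 8 || line[len - 2] != '\r' || line[len - 1] != '\n')
        return USER_MALFORMED;           /* shortest valid line: "USER x\r\n" */
    for (i = 0; i < 5; i++)              /* keyword is case-insensitive */
        if (toupper((unsigned char)line[i]) != kw[i])
            return USER_MALFORMED;

    arglen = len - 7;                    /* bytes between "USER " and CRLF */
    if (arglen > POP3_MAX_ARG || arglen >= outsz)
        return USER_TOO_LONG;            /* protocol limit and buffer limit */
    for (i = 0; i < arglen; i++)         /* printable, no spaces or controls */
        if (!isgraph((unsigned char)line[5 + i]))
            return USER_MALFORMED;

    memcpy(out, line + 5, arglen);       /* arglen < outsz is proven above */
    out[arglen] = '\0';
    return USER_OK;
}

/* Constructed input in the report's shape: "USER " + n filler bytes + CRLF. */
int try_user_of_length(size_t n, char *out, size_t outsz)
{
    char line[512];
    if (n > sizeof line - 7)
        return USER_TOO_LONG;
    memcpy(line, "USER ", 5);
    memset(line + 5, 'A', n);
    memcpy(line + 5 + n, "\r\n", 2);
    return pop3_parse_user(line, n + 7, out, outsz);
}
```

A request of the size given in the report (184 argument bytes) is rejected with `USER_TOO_LONG` and the destination buffer is never written.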

Discussion

  • Marc Bejarano

    Marc Bejarano - 2004-11-14

    Logged In: YES
    user_id=5587

    How could a remote exploit possibly be priority 9?!

     
  • Don Beusee

    Don Beusee - 2005-01-29

    Logged In: YES
    user_id=815616

    This should be fixed in 0.6.050112. You can download from
    http://dbeusee.home.comcast.net/ until we make an official 0.7
    release.

     
