Re: Multiple Buffer Overflow Vulnerabilities Found in CMailServer 4.0

From: millhouseat_private
Date: Mon May 12 2003 - 16:02:57 PDT

    In-Reply-To: <000a01c316d1$a7b15ae0$1601a8c0@pc1441>
    
    Hi, I found a buffer overflow in CMailServer 4.0 a few weeks ago that 
    already had been discovered in CMailServer 3.3 in May 2002. It seems that 
    this bug has not been fixed in the current version. The buffer overflow is 
    in the USER command and makes it possible to overwrite the EIP. The problem is 
    that every capital letter in the buffer that could be given with the overflow 
    is converted to small letters, so it's impossible for me to write a working 
    exploit that executes code.
    
    E:\>telnet localhost 110
    +OK CMailServer 4.0 POP3 Service Ready
    USER "A"x524
    
    
    
    millhouse, www.dsns.net
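
Added example, not part of the original post and not CMailServer's code: a bounds-checked handler for a POP3 USER line that measures the argument and rejects overlong input before lowercasing it into a fixed buffer, which is the check the report above shows to be missing. The function name, result codes and the 40-character limit (the per-argument maximum in RFC 1939) are assumptions of this sketch.

```c
#include <ctype.h>
#include <stddef.h>

/* Assumed limit: RFC 1939 allows each POP3 argument up to 40 characters. */
#define POP3_ARG_MAX 40

enum user_result { USER_OK = 0, USER_NOT_USER_CMD, USER_EMPTY, USER_TOO_LONG };

/* Parse one received line "USER <name>" (CRLF optional). line need not be
 * NUL-terminated; line_len is the number of bytes actually received.
 * out receives the lowercased name and is always NUL-terminated. */
enum user_result parse_user_command(const char *line, size_t line_len,
                                    char *out, size_t out_size)
{
    size_t i, start = 5, end;

    if (out == NULL || out_size == 0)
        return USER_TOO_LONG;
    out[0] = '\0';

    /* Keyword is case-insensitive and followed by a single space. */
    if (line_len < 5 || line[4] != ' ')
        return USER_NOT_USER_CMD;
    for (i = 0; i < 4; i++)
        if (toupper((unsigned char)line[i]) != "USER"[i])
            return USER_NOT_USER_CMD;

    /* Argument runs to CR, LF or the end of the received bytes. */
    for (end = start; end < line_len; end++)
        if (line[end] == '\r' || line[end] == '\n')
            break;

    if (end == start)
        return USER_EMPTY;
    if (end - start > POP3_ARG_MAX || end - start >= out_size)
        return USER_TOO_LONG;

    /* Copy and lowercase only after the length has been validated. */
    for (i = 0; i < end - start; i++)
        out[i] = (char)tolower((unsigned char)line[start + i]);
    out[i] = '\0';
    return USER_OK;
}

int main(void)
{
    char name[POP3_ARG_MAX + 1]; /* sample line below is constructed */
    return parse_user_command("USER Alice\r\n", 12, name, sizeof name) != USER_OK;
}
```

A server using a handler like this would answer `USER_TOO_LONG` with an `-ERR` reply and log the event, since an argument of several hundred bytes is never a legitimate mailbox name.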
    


