Bugtraq: Re: SLMail 5.x POP3 Remote Pass Buffer Overflow Exploit

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: SLMail 5.x POP3 Remote Pass Buffer Overflow Exploit

From: Jerome ATHIAS <jerome () athias fr>
Date: 21 Nov 2004 02:44:29 -0000

In-Reply-To: <Pine.LNX.4.58.0411201323040.11076 () forced attrition org>

On Thu, 18 Nov 2004, [iso-8859-1] J=E9r=F4me ATHIAS wrote:

: SLMail 5.x POP3 Remote Pass Buffer Overflow Exploit
:
: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2004-0942

CAN-2004-0942 (under review)

Description
Apache webserver 2.0.52 and earlier allows remote attackers to cause a
denial of service (CPU consumption) via an HTTP GET request with a MIME
header containing multiple lines with a large number of space characters.


Thanks to point our eyes on this mistake.
In fact there is an error here:
http://www.k-otik.com/exploits/20041118.SLmail-5.5-POP3-PASS.py.php
sure it'll be soon corrected ;p


Perhaps you meant CAN-2003-0264:

Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers to
execute arbitrary code via (1) a long EHLO argument to slmail.exe, (2) a
long XTRN argument to slmail.exe, (3) a long string to POPPASSWD, or (4) a
long password to the POP3 server.

Or is this a new/different issue?


It is another one discovered recently my muts

regards,
Jerome

By Date By Thread

Current thread:

SLMail 5.x POP3 Remote Pass Buffer Overflow Exploit Jérôme ATHIAS (Nov 19)
- Re: SLMail 5.x POP3 Remote Pass Buffer Overflow Exploit security curmudgeon (Nov 20)
- <Possible follow-ups>
- Re: SLMail 5.x POP3 Remote Pass Buffer Overflow Exploit Jerome ATHIAS (Nov 20)