1st Class Mail Server远程缓冲区溢出漏洞

1st Class Mail Server远程缓冲区溢出漏洞

漏洞ID 1107764 漏洞类型 边界条件错误
发布时间 2004-03-02 更新时间 2005-10-20
图片[1]-1st Class Mail Server远程缓冲区溢出漏洞-安全小百科CVE编号 CVE-2004-2375
图片[2]-1st Class Mail Server远程缓冲区溢出漏洞-安全小百科CNNVD-ID CNNVD-200412-719
漏洞平台 Multiple CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/23787
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-719
|漏洞详情
1stClassMailServer是一款多功能邮件服务程序。1stClassMailServer在处理APOP命令时对用户提交数据缺少充分检查,远程攻击者可以利用这个漏洞对EMAIL服务器进行缓冲区溢出攻击,可能以EMAIL服务器进程权限在系统上执行任意指令。传递包含超长字符串作为参数的APOP命令给服务器,可导致覆盖堆栈中保存的指令指针,精心构建提交数据可能以进程权限在系统上执行任意指令。
|漏洞EXP
source: http://www.securityfocus.com/bid/9794/info

1st Class Mail Server has been reported prone to a remote buffer overflow vulnerability. The issue exists due to a lack of sufficient boundary checks performed on user-supplied data.

A remote attacker may pass excessive data as an argument for an APOP command passed to the affected server. The attacker may exploit this issue to corrupt a saved instruction pointer and in doing so may potentially influence execution flow of the affected service into attacker-supplied instructions.

APOP user AAAA ... [626 * A] ... AAAA
|参考资料

来源:XF
名称:1st-class-apop-dos(15314)
链接:http://xforce.iss.net/xforce/xfdb/15314
来源:www.zone-h.org
链接:http://www.zone-h.org/advisories/read/id=4047
来源:BID
名称:9794
链接:http://www.securityfocus.com/bid/9794
来源:OSVDB
名称:4129
链接:http://www.osvdb.org/4129
来源:www.digiti.be
链接:http://www.digiti.be/jeffosz/advisories/1stclasspop3.txt
来源:SECUNIA
名称:11029
链接:http://secunia.com/advisories/11029
来源:SECTRACK
名称:1009279
链接:http://securitytracker.com/id?1009279
来源:NSFOCUS
名称:6126
链接:http://www.nsfocus.net/vulndb/6126

相关推荐: NetBSD ARP Cross Network Vulnerability

NetBSD ARP Cross Network Vulnerability 漏洞ID 1104767 漏洞类型 Origin Validation Error 发布时间 1999-05-21 更新时间 1999-05-21 CVE编号 N/A CNNVD-I…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享