Hi Solo,
The server is not going to crash, you have to attach a debugger like
ollydbg and see what happens,
it reaches the 4 byte overwrite.
Best regards,
kcope
. Solo schrieb:
Hi,kcope
I test your poc, the server of mdeamon did not crash.
The server send the [RST] to the client to reset the
the version I test is Mdaemon 9.0.12006/5/29, . Solo <[EMAIL PROTECTED]>:
Hi,kcopeI test your poc, the server of mdeamon did not crash.The server send the [RST] to the client to reset the request.Best regardsSolo
___
Full-Disclosure - We believe in it.
Hi,kcopeI test your poc, the server of mdeamon did not crash.The server send the [RST] to the client to reset the request.Best regardsSolo
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
if this is about "how to ruin a discovery" do you excel dude, keep it up.
kcope wrote:
> MDAEMON LATEST VERSION PREAUTH *REMOTE ROOT HOLE*
>
> zeroday discovered by kcope kingcope[at]gmx.net !!!
> shouts to alex,wY!,bogus,revoguard,adizeone
>
> Desc
MDAEMON LATEST VERSION PREAUTH *REMOTE ROOT HOLE*
zeroday discovered by kcope kingcope[at]gmx.net !!!
shouts to alex,wY!,bogus,revoguard,adizeone
Description
There's a remotely exploitable preauthentication hole in Alt-N MDaemon.
It is a Heap Overflow in the IMAP Daemon.
It can be triggered by s
