Intel InBusiness eMail Station缓冲区溢出漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1106048 漏洞类型 缓冲区溢出
发布时间 2000-10-20 更新时间 2006-08-09
CVE编号 CVE-2000-0989 CNNVD-ID CNNVD-200012-190
漏洞平台 Hardware CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/20328
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200012-190
|漏洞详情
IntelInBusinesseMailStation1.04.87POP服务存在缓冲区溢出漏洞。远程攻击者可以借助超长用户名导致服务拒绝以及可能执行命令。
|漏洞EXP
source: http://www.securityfocus.com/bid/1844/info

A buffer overflow exists in the Intel InBusiness eMail Station, a dedicated email device. When attempting to establish a connection, the username submitted to the device is not properly filtered for length. By supplying a string for USER of approximately 620 characters in length, it is possible for a remote attacker to overflow the relevant buffer. The device will halt in response, requiring the unit to be powered down and restarted. In addition to this denial of service, an attacker sufficiently familiar with the hardware architecture and firmware of this platform may, potentially, be able to exploit this overflow to place malicious machine code on the stack, permitting interference with or modification of the device's software, interception of messages, or another compromise of the unit's normal function.

[foo@bar]$ telnet mailstation 110
Trying mailstation...
Connected to mailstation.
Escape character is '^]'.
+OK Pop server at mailstation starting. <2831812.972049732@mail>
user [buffer]

where [buffer] is appx. 620 chars of your own choice.(tried A and %, expect
all to work)

Symptoms: The box(a nice little piece of hardware with built-in harddrive
and all) will stop responding, and needs a power cycle to restore function.
|参考资料

来源:XF
名称:intel-email-username-bo
链接:http://xforce.iss.net/static/5414.php
来源:BUGTRAQ
名称:20001020DoSinIntelcorporation'InBusinesseMailStation'
链接:http://archives.neohapsis.com/archives/bugtraq/2000-10/0293.html
来源:OSVDB
名称:6488
链接:http://www.osvdb.org/6488