Sendmail SMTP Address prescan <= 8.12.8 Memory Corruption | Metasploit Exploit Database (DB)

This is a proof-of-concept denial-of-service module for Sendmail versions 8.12.8 and earlier. The vulnerability is in the prescan() function and is reached when parsing SMTP headers. Because of the prescan function, only 0x5c and 0x00 bytes can be used, which limits the likelihood of arbitrary code execution.

Rank

  • Normal

Authors

  • patrick < patrick [at] osisecurity.com.au >

Usage Information

$ msfconsole

                ##                          ###           ##    ##
 ##  ##  #### ###### ####  #####   #####    ##    ####        ######
####### ##  ##  ##  ##         ## ##  ##    ##   ##  ##   ###   ##
####### ######  ##  #####   ####  ##  ##    ##   ##  ##   ##    ##
## # ##     ##  ##  ##  ## ##      #####    ##   ##  ##   ##    ##
##   ##  #### ###   #####   #####     ##   ####   ####   #### ###
                                      ##

msf > use auxiliary/dos/smtp/sendmail_prescan
msf auxiliary(sendmail_prescan) > set RHOST [TARGET IP]
msf auxiliary(sendmail_prescan) > run


Module Options

MAILFROM FROM address of the e-mail (default: zombie@brains.net)
MAILTO TO address of the e-mail (default: human@ahhhzombies111.net)
RHOST The target address
RPORT The target port (default: 25)
CHOST The local client address
CPORT The local client port
ConnectTimeout Maximum number of seconds to establish a TCP connection
Proxies Use a proxy chain
SSL Negotiate SSL for outgoing connections
SSLVersion Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
VERBOSE Enable detailed status messages
WORKSPACE Specify the workspace for this module
TCP::max_send_size Maximum TCP segment size. (0 = disable)
TCP::send_delay Delays inserted before every send. (0 = disable)