Feb 08, 2007

[Full-disclosure] Axigen <2.0.0b1 DoS


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Attached are two DoS's used in part to win the beta testing
competition of Axigen (www.axigen.com) mail server for versions
<2.0.0b1; the vulnerabilities affect all platforms…

The first exploit is a single byte underflow causing a probabilistic
integer overflow in a call to memcpy; it will require around 256
attempts before a reasonable probability of success is achieved.

(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1231520864 (LWP 8621)]
0xb7d37473 in memmove () from /lib/libc.so.6
(gdb) bt
#0 0xb7d37473 in memmove () from /lib/libc.so.6
#1 0x080a6d02 in ?? ()
#2 0x080a7177 in ?? ()
#3 0x0825afff in ?? ()
#4 0x080a2e77 in ?? ()
#5 0x0834cf6f in ?? ()
#6 0x0834a591 in ?? ()
#7 0x0834611d in ?? ()
#8 0x08373563 in ?? ()
#9 0xb7eda294 in start_thread () from /lib/libpthread.so.0
#10 0xb7d8832e in clone () from /lib/libc.so.6
(gdb) i r
eax 0xffffffff -1
ecx 0x3f92ce70 1066585712
edx 0xfffffff9 -7
ebx 0x0 0
esp 0xb69872a8 0xb69872a8
ebp 0xb69872d8 0xb69872d8
esi 0xbc9d000 197775360
edi 0xbc9cfff 197775359
eip 0xb7d37473 0xb7d37473 <memmove+35>
eflags 0x10212 [ AF IF RF ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
(gdb)

The second problem simply causes a NULL pointer dereference and will
work flawlessly…


Neil K
([email protected])
([email protected])

"Only a few people will follow the proof. Whoever does will
spend the rest of his life convincing people it is correct."
- Anonymous, "P ?= NP"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFyzgN+gf4mLMNJygRCHquAKCsdTkq4ZpcobnNOO1Il6AgbRouYgCfVkY2
5/4UqsuilwccN1ggvchDERU=
=+qy/
-----END PGP SIGNATURE-----
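The bug class the post describes (a one-byte length field, an unsigned "length minus one" that wraps, and a memcpy that then receives 0xffffffff, the -1 visible in eax in the register dump above) is easy to model. The following is an added example written for this page; it is not Axigen's code, the post's exploit, or Axigen's wire format. The record layout (one length byte N, N-1 payload bytes, one terminator byte), the function names and PAYLOAD_MAX are assumptions made for the illustration, and the probabilistic aspect the author mentions is not modelled. It places the faulty arithmetic beside a parser that validates the length before copying.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed record format (an assumption for this example, not Axigen's
   wire format): one length byte N, followed by N-1 payload bytes and a
   trailing terminator byte. A parser must copy exactly the N-1 payload bytes. */
#define PAYLOAD_MAX 64

/* The faulty arithmetic: "declared length minus one" on an unsigned type.
   When declared is 0 the subtraction wraps to SIZE_MAX, which on a 32-bit
   build is 0xffffffff, the -1 seen in eax in the post's register dump.
   Returns the value memcpy would receive; it copies nothing itself. */
size_t buggy_copy_len(size_t declared) {
    return declared - 1;
}

/* Vulnerable shape (modelled, hypothetical): no zero check and no bound
   against the destination, so a zero length byte turns into a huge memcpy.
   Kept only so the corrected version can be compared against it. */
long parse_record_unsafe(const uint8_t *in, size_t in_len, uint8_t *out) {
    if (in_len < 1)
        return -1;
    size_t n = buggy_copy_len(in[0]);  /* wraps when in[0] == 0 */
    memcpy(out, in + 1, n);            /* n may be SIZE_MAX or > PAYLOAD_MAX */
    return (long)n;
}

/* Hardened version: reject a declared length that cannot even hold the
   terminator, bound the copy against both the input actually received and
   the output buffer, and only then call memcpy. Returns bytes copied or -1. */
long parse_record_safe(const uint8_t *in, size_t in_len,
                       uint8_t *out, size_t out_cap) {
    if (in == NULL || out == NULL || in_len < 1)
        return -1;
    size_t declared = in[0];
    if (declared < 1)            /* 0 would wrap in declared - 1 */
        return -1;
    size_t n = declared - 1;     /* payload byte count, cannot wrap now */
    if (n > out_cap)             /* would overflow the destination */
        return -1;
    if (in_len < 1 + n + 1)      /* length byte + payload + terminator present? */
        return -1;
    memcpy(out, in + 1, n);
    return (long)n;
}

/* Builds a well-formed record for the demo. Returns total record size,
   or 0 if the payload does not fit. */
size_t make_record(uint8_t *buf, size_t cap, const char *payload) {
    size_t n = strlen(payload);
    if (n + 2 > cap || n + 1 > 255)
        return 0;
    buf[0] = (uint8_t)(n + 1);
    memcpy(buf + 1, payload, n);
    buf[1 + n] = 0;
    return n + 2;
}

int main(void) {
    uint8_t rec[PAYLOAD_MAX + 2], out[PAYLOAD_MAX];
    size_t rec_len = make_record(rec, sizeof rec, "hello");
    printf("safe parser, valid record: %ld bytes copied\n",
           parse_record_safe(rec, rec_len, out, sizeof out));

    uint8_t zero[2] = {0x00, 0x00};   /* constructed: zero length byte */
    printf("memcpy length the buggy arithmetic derives from a 0 byte: %zu\n",
           buggy_copy_len(zero[0]));
    printf("safe parser, same input: %ld (rejected)\n",
           parse_record_safe(zero, sizeof zero, out, sizeof out));
    return 0;
}
```

The safe parser orders its checks so that no subtraction happens before the operand is known to be at least one, and it compares the derived count against both in_len and out_cap; either bound alone would leave a read past the input or a write past the output.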