CVE-2003-0487
Published: 2003-08-07
Priority: P3 · 35 · high · 7.5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 11.37% (95.4th percentile)
Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a long showuser parameter in the do_subscribe module, (2) a long folder parameter in the add_acl module, (3) a long folder parameter in the list module, and (4) a long user parameter in the do_map module.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kerio | kerio_mailserver | — | — |
No detection rules found.
Exploit-DB
Kerio MailServer 5.6.3 - Remote Buffer Overflow
exploitdb·2003-06-27
---
/* Remote Buffer Overflow Exploit for Kerio MailServer 5.6.3 */
/* ========================================= */
/* By B-r00t */
/* */
/* In response to the Kerio Mailserver vulnerabilities */
/* discovered by David F.Madrid. */
/* */
/* Although this exploit requires valid authentication */
/* details, it is possible to use 'RCPT TO' to enumerate */
/* valid accounts 'A La Sendmail' as shown below: - */
/*
$ telnet 192.168.0.10 25
Trying 192.168.0.10...
Connected to 192.168.0.10.
Escape character is '^]'.
220 dhcp-185-45 Kerio MailServer 5.6.3 ESMTP ready
mail from: [email protected]
250 2.1.0 Sender ok
rcpt to: [email protected]
550 5.1.1 Mailbox does not exist
rcpt to:[email protected]
250 2.1.5 Recipient ok (local) ok (local)
#include
Exploit-DB
Kerio MailServer 5.6.3 list Module - Overflow
exploitdb·2003-06-18
---
source: https://www.securityfocus.com/bid/7967/info
Multiple buffer overrun vulnerabilities have been discovered in Kerio MailServer, which affect the webmail component. The problem occurs when handling usernames of excessive length and likely occurs due to insufficient bounds checking. Due to the similarity of these issues it has been conjectured that the root of the problem may be a single function used to handle all affected procedures.
Successful exploitation of this vulnerability could potentially result in the execution of arbitrary code, with the privileges of the Kerio MailServer process.
http://[Server]/list?folder=~AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Exploit-DB
Kerio MailServer 5.6.3 subscribe Module - Overflow
exploitdb·2003-06-18
---
source: https://www.securityfocus.com/bid/7967/info
Multiple buffer overrun vulnerabilities have been discovered in Kerio MailServer, which affect the webmail component. The problem occurs when handling usernames of excessive length and likely occurs due to insufficient bounds checking. Due to the similarity of these issues it has been conjectured that the root of the problem may be a single function used to handle all affected procedures.
Successful exploitation of this vulnerability could potentially result in the execution of arbitrary code, with the privileges of the Kerio MailServer process.
http://[server]/do_subscribe?showuser=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Exploit-DB
Kerio MailServer 5.6.3 add_acl Module - Overflow
exploitdb·2003-06-18
---
source: https://www.securityfocus.com/bid/7967/info
Multiple buffer overrun vulnerabilities have been discovered in Kerio MailServer, which affect the webmail component. The problem occurs when handling usernames of excessive length and likely occurs due to insufficient bounds checking. Due to the similarity of these issues it has been conjectured that the root of the problem may be a single function used to handle all affected procedures.
Successful exploitation of this vulnerability could potentially result in the execution of arbitrary code, with the privileges of the Kerio MailServer process.
http://[server]/add_acl?folder=~AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Exploit-DB
Kerio MailServer 5.6.3 do_map Module - Overflow
exploitdb·2003-06-18
---
source: https://www.securityfocus.com/bid/7967/info
Multiple buffer overrun vulnerabilities have been discovered in Kerio MailServer, which affect the webmail component. The problem occurs when handling usernames of excessive length and likely occurs due to insufficient bounds checking. Due to the similarity of these issues it has been conjectured that the root of the problem may be a single function used to handle all affected procedures.
Successful exploitation of this vulnerability could potentially result in the execution of arbitrary code, with the privileges of the Kerio MailServer process.
http://[Server]/do_map?
action=new&oldalias=eso&alias=aaa&folder=public&user=AAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=105596982503760&w=2
http://nautopia.org/vulnerabilidades/kerio_mailserver.htm
http://www.securityfocus.com/bid/7967
https://exchange.xforce.ibmcloud.com/vulnerabilities/12368