CVE-2003-0264 PoC — SLMail安全漏洞

Source

https://github.com/pwncone/CVE-2003-0264-SLmail-5.5

Associated Vulnerability

Title:SLMail安全漏洞 (CVE-2003-0264)
Description:SLMail 5.1.0.4420版本存在安全漏洞。远程攻击者可以通过(1)slmail.exe中的超长EHLO 参数，(2) slmail.exe中的超长XTRN参数，(3) POPPASSWD中的超长字符串，或(4)POP3服务器中的超长密码执行任意代码。

Description

A POC remote buffer overflow for CVE-2003-0264 - SLMail 5.5

Readme

# CVE-2003-0264 - Seattle Lab Mail 5.5 POP3 Buffer Overflow

## References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0264

## Vulnerability
SLMail has no bounds checking when submitting a POP3 password.
As a result, you can execute arbitrary code by submitting a long, malformed POP3 PASS to the SLMail server.

File Snapshot


 [4.0K]  /data/pocs/6274a0839e9bc6e16e5fa569f2e65e36706ad40d
├── [ 324]  README.md
├── [5.0K]  slmail.py
└── [4.0K]  Software
    └── [8.8M]  SLMail55_4433.exe

1 directory, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!