CVE-2007-0886
Axigen Mail Server 1.2.6-2.0.0b1 - Heap-Based Buffer Underflow via Base64-Encoded POP3 Data
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-0886. PoCs published by mu-b.
AI-analyzed exploit summary
This exploit targets a DoS vulnerability in AXIGEN mail server versions 1.2.6 to 2.0.0b1 by sending malformed AUTH CRAM-MD5 commands, causing a parsing error and potential heap corruption. The PoC repeatedly sends crafted base64-encoded data to trigger the crash.
Description
Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via certain base64-encoded data on the pop3 port (110/tcp), which triggers an integer overflow.