CVE-2007-0887
Axigen Mail Server 1.2.6-2.0.0b1 - Denial of Service via Malformed IMAP Login Credentials
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-0887. PoCs published by mu-b.
AI-analyzed exploit summary
This exploit targets a NULL pointer dereference vulnerability in Axigen Mail Server versions 1.2.6 to 2.0.0b1, causing a denial-of-service (DoS) by sending malformed authentication data. The PoC connects to the IMAP service and triggers the crash by exploiting improper handling of the AUTHENTICATE PLAIN command.
Description
axigen 1.2.6 through 2.0.0b1 does not properly parse login credentials, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a base64-encoded "*\x00" sequence on the imap port (143/tcp).
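A detection-side check for the malformed credential described above, as an added example that is not from the original page or from Axigen: it validates SASL PLAIN responses in captured IMAP client lines against the RFC 4616 layout (authzid NUL authcid NUL passwd). The function names and the sample lines are constructed for illustration.

```python
import base64
import binascii
import re

# Matches "<tag> AUTHENTICATE PLAIN" with an optional initial response (RFC 4959).
AUTH_RE = re.compile(rb"^\S+ AUTHENTICATE PLAIN(?: (\S+))?$", re.IGNORECASE)

def plain_defect(token: bytes):
    """Return a reason if token is not a well-formed SASL PLAIN message, else None."""
    if token == b"*":
        return None  # unencoded "*" is a legitimate client cancel (RFC 3501)
    try:
        # "=" alone means a zero-length initial response in SASL-IR.
        raw = b"" if token == b"=" else base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return "not valid base64"
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        return f"expected 2 NUL separators, found {len(parts) - 1}"
    if not parts[1] or not parts[2]:
        return "empty authcid or passwd"
    return None

def scan(client_lines):
    """Return [(line_number, reason)] for malformed PLAIN responses."""
    findings, awaiting = [], False
    for n, line in enumerate(client_lines, 1):
        line = line.rstrip(b"\r\n")
        if awaiting:  # this line answers the server's "+" continuation
            awaiting, reason = False, plain_defect(line)
        else:
            m = AUTH_RE.match(line)
            if not m:
                continue
            if m.group(1) is None:
                awaiting = True
                continue
            reason = plain_defect(m.group(1))
        if reason:
            findings.append((n, reason))
    return findings

# Constructed sample of client-to-server lines (not a real capture).
VALID = base64.b64encode(b"\x00alice\x00s3cret")
SAMPLE = [
    b"a1 AUTHENTICATE PLAIN " + VALID + b"\r\n",
    b"a2 AUTHENTICATE PLAIN\r\n",
    b"KgA=\r\n",  # base64 of "*\x00", the sequence named in the description
    b"a3 AUTHENTICATE PLAIN !!!!\r\n",
]
```

The check only sees credentials on cleartext sessions such as 143/tcp without STARTTLS, or where the server logs the client side of the exchange.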