CVE-2007-5740

Perdition Mail Retrieval Proxy < 1.17 - Remote Code Execution via IMAP Tag Format String Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5740. PoCs published by Bernhard Mueller.

AI-analyzed exploit summary The exploit demonstrates a format-string vulnerability in Perdition IMAP proxy server by sending a malformed input via netcat. This can lead to arbitrary code execution or denial-of-service conditions.

Description

The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Bernhard Mueller · textdoslinux

https://www.exploit-db.com/exploits/30724

View Code ZIP pw:eip

The exploit demonstrates a format-string vulnerability in Perdition IMAP proxy server by sending a malformed input via netcat. This can lead to arbitrary code execution or denial-of-service conditions.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Perdition IMAP proxy server 1.17 and prior

No auth needed

Prerequisites: Network access to the target server · Perdition IMAP proxy server running on port 143

MITRE ATT&CK