CVE-2008-0394

Citadel SMTP < 7.10 - Remote Code Execution via Long RCPT TO Command

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0394. PoCs published by prdelka.

AI-analyzed exploit summary This exploit targets a remote buffer overflow vulnerability in Citadel SMTP server versions up to 7.10. The exploit likely sends a maliciously crafted SMTP command to trigger the overflow, potentially allowing remote code execution.

Description

Buffer overflow in Citadel SMTP server 7.10 and earlier allows remote attackers to execute arbitrary code via a long RCPT TO command, which is not properly handled by the makeuserkey function. NOTE: some of these details were obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by prdelka · textremotewindows

https://www.exploit-db.com/exploits/4949

View Code ZIP pw:eip

This exploit targets a remote buffer overflow vulnerability in Citadel SMTP server versions up to 7.10. The exploit likely sends a maliciously crafted SMTP command to trigger the overflow, potentially allowing remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Citadel SMTP <= 7.10

No auth needed

Prerequisites: Network access to the Citadel SMTP server

MITRE ATT&CK