Vulnerabilities > CVE-2004-1558 - Remote Buffer Overflow vulnerability in YahooPOPS!
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 through 0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) POP3 USER command or (2) SMTP request.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 9 |
Exploit-Db
description YPOPS 0.6 Buffer Overflow. CVE-2004-1558. Remote exploit for windows platform id EDB-ID:16818 last seen 2016-02-02 modified 2010-05-09 published 2010-05-09 reporter metasploit source https://www.exploit-db.com/download/16818/ title YPOPS 0.6 - Buffer Overflow description YahooPOPs <= 1.6 SMTP Port Buffer Overflow Exploit. CVE-2004-1558. Remote exploit for windows platform id EDB-ID:577 last seen 2016-01-31 modified 2004-10-15 published 2004-10-15 reporter class101 source https://www.exploit-db.com/download/577/ title YahooPOPs <= 1.6 SMTP Port Buffer Overflow Exploit description YahooPOPs <= 1.6 SMTP Remote Buffer Overflow Exploit. CVE-2004-1558. Remote exploit for windows platform id EDB-ID:582 last seen 2016-01-31 modified 2004-10-18 published 2004-10-18 reporter Diabolic Crab source https://www.exploit-db.com/download/582/ title YahooPOPs <= 1.6 SMTP Remote Buffer Overflow Exploit
Metasploit
| description | This module exploits a stack buffer overflow in the YPOPS POP3 service. This is a classic stack buffer overflow for YPOPS version 0.6. Possibly Affected version 0.5, 0.4.5.1, 0.4.5. Eip point to jmp ebx opcode in ws_32.dll |
| id | MSF:EXPLOIT/WINDOWS/SMTP/YPOPS_OVERFLOW1 |
| last seen | 2020-05-23 |
| modified | 2017-07-24 |
| published | 2006-10-12 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/smtp/ypops_overflow1.rb |
| title | YPOPS 0.6 Buffer Overflow |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/83157/ypops_overflow1.rb.txt |
| id | PACKETSTORM:83157 |
| last seen | 2016-12-05 |
| published | 2009-11-26 |
| reporter | acaro |
| source | https://packetstormsecurity.com/files/83157/YPOPS-0.6-Buffer-Overflow.html |
| title | YPOPS 0.6 Buffer Overflow |
References
- http://dbeusee.home.comcast.net/history.html
- http://marc.info/?l=bugtraq&m=109630699829536&w=2
- http://secunia.com/advisories/12660
- http://securitytracker.com/alerts/2004/Sep/1011426.html
- http://www.attrition.org/pipermail/vim/2006-October/001089.html
- http://www.hat-squad.com/en/000075.html
- http://www.osvdb.org/10366
- http://www.osvdb.org/10367
- http://www.securityfocus.com/bid/11256
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17515
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17518