YahooPOPS! Multiple Remote Buffer Overflow Vulnerabilities

YahooPOPS! Multiple Remote Buffer Overflow Vulnerabilities

A proof of concept exploit was provided. Examples sufficient to demonstrate the vulnerability have also been provided:

For the POP3 service:
Telnet localhost 110
+OK POP3 YahooPOPs! Proxy ready
[USER][180xA][BBBB]

For the SMTP service:
Telnet localhost 25
220 YahooPOPs! Simple Mail Transfer Service Ready
[504xA] [BBBB]

Nima Majidi <nima_majidi@hat-squad.com>, "class 101" <class101@phreaker.net>, Diabolic Crab <dcrab@hackerscenter.com>, and varun uppal <varunuppal@linuxmail.org> have all provided exploit examples.

y0 <y0@w00t-shell.net> has created an exploit for the Metasploit framework (ypops_smtp.pm):
http://downloads.securityfocus.com/vulnerabilities/exploits/ypops_smtp.pm

/data/vulnerabilities/exploits/yahoopops.c
/data/vulnerabilities/exploits/101_ypops.cpp
/data/vulnerabilities/exploits/dc_ypop.c
/data/vulnerabilities/exploits/yPOPsBufferOverflowExploitVarunUppal.py
/data/vulnerabilities/exploits/ypops_smtp.pm