Linux-Bulgaria.ORG
навигация

 

начало

пощенски списък

архив на групата

семинари ...

документи

как да ...

 

 

Предишно писмо Следващо писмо Предишно по тема Следващо по тема По Дата По тема (thread)

Re: lug-bg: Fwd: Qpopper 4.0 Buffer Overflow


  • Subject: Re: lug-bg: Fwd: Qpopper 4.0 Buffer Overflow
  • From: teodor@xxxxxxxxxx (Teodor Georgiev)
  • Date: Sun, 22 Apr 2001 02:47:45 +0200



----- Original Message -----
From: Stanislav Lechev <firedust@xxxxxxx>
To: Linux Users Group - Bulgaria <lug-bg@xxxxxxxxxxxxxxxxxx>
Sent: Friday, April 20, 2001 4:27 PM
Subject: lug-bg: Fwd: Qpopper 4.0 Buffer Overflow

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> koj kaza che bil secure ?...
> che naposledyk chesto wzeha da go pishat ...
>
> updatewajte kato izleze patch :)
>
>
> - ----------  Forwarded Message  ----------
> Subject: Qpopper 4.0 Buffer Overflow
> Date: Fri, 20 Apr 2001 03:15:29 -0000
> From: Optium <shatan@xxxxxxxxxx>
> To: VULN-DEV@xxxxxxxxxxxxxxxxx
>
>
> Recently I came across a buffer overflow in qpop4.0.
> The overflow occures when the input for the
> command "user" is above  63 chars long. I was not
> able to overflow beyond the edx due to what seems
> like char filtering beyond a curtain point (being 64).
>
> example :
>  Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> +OK
> user
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAA
> Connection closed by foreign host.
>
> Optium
>
> - -------------------------------------------------------
>
> - --
> - -===============================================================-
> - - Regards,                                            AngelFire -
> - -     Stanislav Lechev                    <firedust@xxxxxxx>    -
> - -    PGP Key: http://firedust.vega.bg/pgp/StanislavLechev.asc   -
> - -===============================================================-
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.4 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE64EdN8RPXBhiMqewRAjpTAJwJ11H6r5U5DutEpIfsX1UrlnQxrACfTVop
> jB+3Vz53a8CtrEfH7dylcaQ=
> =rBGC
> -----END PGP SIGNATURE-----
>
===========================================================================
> A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
> http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara
Zagora
>

taka kato gledam primera  i ne razbrah tochno kyde e exploita :)
btw... qpopper ot 3.0 nagore (3.1.1 , 3.1.2 i podobni) uzhkim sa si
stable...  za 4 - ne znam.

===========================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora



 

наши приятели

 

линукс за българи
http://linux-bg.org

FSA-BG
http://fsa-bg.org

OpenFest
http://openfest.org

FreeBSD BG
http://bg-freebsd.org

KDE-BG
http://kde.fsa-bg.org/

Gnome-BG
http://gnome.cult.bg/

проект OpenFMI
http://openfmi.net

NetField Forum
http://netField.ludost.net/forum/

 

 

Linux-Bulgaria.ORG

Mailing list messages are © Copyright their authors.