Linux-Bulgaria.ORG

Re: [Re: lug-bg: Fwd: Qpopper 4.0 Buffer Overflow]


  • Subject: Re: [Re: lug-bg: Fwd: Qpopper 4.0 Buffer Overflow]
  • From: sheib@xxxxxxx (sheib@xxxxxxx)
  • Date: 24 Apr 2001 03:28:06 EET DST



There's no need to get so worked up..
 
|'> > able to overflow beyond the edx due to what seems
|> > like char filtering beyond a certain point (being 64).'

Where is the bug?
I haven't looked at the source yet, but I'm 99% sure that popper simply
doesn't want a login longer than 64 chars.

.. I decide to download the source and take a look after all ..

// (popper.h)

#define MAXUSERNAMELEN  65
#define MAXDROPLEN      64


--

// (pop_auth.c)

  while( i < clen ) {
    p->authid[ k ]      = chg[ i ];
    if ( !j )
       p->user[ k ]     = chg[ i ];
    if ( !chg[ i++ ] || (k++ >= MAXUSERNAMELEN) ) break;
  }

     /* Check everything is within tolerance */

  if( (i >= clen) ||
         (!k || (k >= MAXUSERNAMELEN) || (j >= MAXUSERNAMELEN)) )
    return( pop_msg(p,POP_FAILURE, HERE, "Bad challenge message") );

--

Optium didn't even bother
to post part of the log. That is no way to report a real
or pseudo bug. Naturally it won't appear on bugtraq.

P.S. If it really were an overflow it would have killed popper, or
at the very least hung it. I took the trouble to write a small program that
sends 64 or more chars for user, but nothing unusual happened.

Cheerz,

/sh

> >
> > - ----------  Forwarded Message  ----------
> > Subject: Qpopper 4.0 Buffer Overflow
> > Date: Fri, 20 Apr 2001 03:15:29 -0000
> > From: Optium <shatan@xxxxxxxxxx>
> > To: VULN-DEV@xxxxxxxxxxxxxxxxx
> >
> >
> > Recently I came across a buffer overflow in qpop4.0.
> > The overflow occurs when the input for the
> > command "user" is above  63 chars long. I was not
> > able to overflow beyond the edx due to what seems
> > like char filtering beyond a certain point (being 64).
> >
> > example :
> >  Trying 127.0.0.1...
> > Connected to localhost.
> > Escape character is '^]'.
> > +OK
> > user
> > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> > AAAAAAAAAAAAAA
> > Connection closed by foreign host.
> >
> > Optium
> >
> > - -------------------------------------------------------
> >
> > - --
> > - -===============================================================-
> > - - Regards,                                            AngelFire -
> > - -     Stanislav Lechev                    <firedust@xxxxxxx>    -
> > - -    PGP Key: http://firedust.vega.bg/pgp/StanislavLechev.asc   -
> > - -===============================================================-
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.0.4 (GNU/Linux)
> > Comment: For info see http://www.gnupg.org
> >
> > iD8DBQE64EdN8RPXBhiMqewRAjpTAJwJ11H6r5U5DutEpIfsX1UrlnQxrACfTVop
> > jB+3Vz53a8CtrEfH7dylcaQ=
> > =rBGC
> > -----END PGP SIGNATURE-----
>

Stanislav Lechev <firedust@xxxxxxx> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Well, have you ever seen a bug reported on bugtraq together with the exploit?

The exploit comes a few days after that...

and there's no telling whether it will come at all...
I'll look through bugtraq in a bit... and I'll have fresher news :)

On Sunday 22 April 2001 03:47, you wrote:
> ----- Original Message -----
> From: Stanislav Lechev <firedust@xxxxxxx>
> To: Linux Users Group - Bulgaria <lug-bg@xxxxxxxxxxxxxxxxxx>
> Sent: Friday, April 20, 2001 4:27 PM
> Subject: lug-bg: Fwd: Qpopper 4.0 Buffer Overflow
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >
> > who said it was secure?...
> > because lately they've been writing about it often ...
> >
> > update when a patch comes out :)
> >
> >
> > - ----------  Forwarded Message  ----------
> > Subject: Qpopper 4.0 Buffer Overflow
> > Date: Fri, 20 Apr 2001 03:15:29 -0000
> > From: Optium <shatan@xxxxxxxxxx>
> > To: VULN-DEV@xxxxxxxxxxxxxxxxx
> >
> >
> > Recently I came across a buffer overflow in qpop4.0.
> > The overflow occurs when the input for the
> > command "user" is above  63 chars long. I was not
> > able to overflow beyond the edx due to what seems
> > like char filtering beyond a certain point (being 64).
> >
> > example :
> >  Trying 127.0.0.1...
> > Connected to localhost.
> > Escape character is '^]'.
> > +OK
> > user
> > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> > AAAAAAAAAAAAAA
> > Connection closed by foreign host.
> >
> > Optium
> >
> > - -------------------------------------------------------
> >
> > - --
> > - -===============================================================-
> > - - Regards,                                            AngelFire -
> > - -     Stanislav Lechev                    <firedust@xxxxxxx>    -
> > - -    PGP Key: http://firedust.vega.bg/pgp/StanislavLechev.asc   -
> > - -===============================================================-
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.0.4 (GNU/Linux)
> > Comment: For info see http://www.gnupg.org
> >
> > iD8DBQE64EdN8RPXBhiMqewRAjpTAJwJ11H6r5U5DutEpIfsX1UrlnQxrACfTVop
> > jB+3Vz53a8CtrEfH7dylcaQ=
> > =rBGC
> > -----END PGP SIGNATURE-----
>
> ===========================================================================
>
> > A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
> > http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara
>
> Zagora
>
>
>
> looking at the example, I didn't quite understand where exactly the exploit is :)
> btw... qpopper from 3.0 upwards (3.1.1, 3.1.2 and the like) are supposedly
> stable... as for 4, I don't know.
>
>
>
> ===========================================================================
> A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
> http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora

- -- 
- -===============================================================-
- - Regards,                                            AngelFire -
- -     Stanislav Lechev                    <firedust@xxxxxxx>    -
- -    PGP Key: http://firedust.vega.bg/pgp/StanislavLechev.asc   -
- -===============================================================-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE64+348RPXBhiMqewRAoUVAKCLKHaC5+VgqoMyJRf4zCqt1vkO+ACeMSCB
4ZEJqSP8BG3Yjv+I6xBK+0E=
=U5k0
-----END PGP SIGNATURE-----
===========================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
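
Added example (not part of the original mail and not Qpopper's own code): a C model of the pop_auth.c loop quoted in the message above, reporting how many bytes the loop stores and whether the "within tolerance" check then rejects the input. The names copy_result, model_copy and run_filled, the oversized dst buffer and holding j at 0 are assumptions made for this model; the declared sizes of p->user and p->authid are not shown in the post.

```c
#include <stdio.h>
#include <string.h>

#define MAXUSERNAMELEN 65              /* value quoted from popper.h above */

struct copy_result {                   /* hypothetical type for this model */
    size_t bytes_written;              /* destination slots stored to */
    int    rejected;                   /* 1 = "Bad challenge message" path */
};

/* Model of the quoted pop_auth.c loop. dst stands in for p->user/p->authid;
 * it is oversized on purpose because the real array sizes are not on the page.
 * j is held at 0 (assumption: the quoted fragment never modifies it). */
struct copy_result model_copy(const char *chg, size_t clen)
{
    char dst[MAXUSERNAMELEN + 16];
    struct copy_result r = {0, 0};
    size_t i = 0, k = 0, j = 0;

    while (i < clen) {
        dst[k] = chg[i];               /* the store happens first ... */
        r.bytes_written = k + 1;
        if (!chg[i++] || (k++ >= MAXUSERNAMELEN)) break;  /* ... then the limit */
    }
    if ((i >= clen) || (!k || (k >= MAXUSERNAMELEN) || (j >= MAXUSERNAMELEN)))
        r.rejected = 1;
    return r;
}

/* Constructed input: name_len 'A' bytes followed by NULs, clen bytes total. */
struct copy_result run_filled(size_t name_len, size_t clen)
{
    char chg[256] = {0};
    if (clen > sizeof chg) clen = sizeof chg;
    memset(chg, 'A', name_len < clen ? name_len : clen);
    return model_copy(chg, clen);
}

int main(void)
{
    size_t lens[] = {3, 64, 65, 200};
    for (size_t n = 0; n < sizeof lens / sizeof lens[0]; n++) {
        struct copy_result r = run_filled(lens[n], 220);
        printf("name=%3zu bytes_written=%2zu rejected=%d\n",
               lens[n], r.bytes_written, r.rejected);
    }
    return 0;
}
```

In this model a 64-character name is accepted after 65 stores, while names of 65 or more characters are rejected only after index 65 has been stored, so the destination arrays need at least MAXUSERNAMELEN + 1 bytes for the loop to stay in bounds.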
