Bugtraq mailing list archives
Re: More problems with QPOPPER - <sigh>
From: bruno () OPENLINE COM BR (Bruno Lopes F. Cabral)
Date: Mon, 29 Jun 1998 08:50:00 -0300
Hi there
After applying all the patches with the exception of the PAM patch in the .RPM'd version of qpopper2.4.src, I have located yet another hole in qpopper. This popper was compiled with -DAUTH in the makefile.
[examples snipped]
Then, I decided to try a VALID username:

[OverKill]:/$ telnet localhost pop3
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK QPOP (version 2.4) at Victim.Com starting.
user valid
+OK Password required for valid.
pass [long line of X truncated]
Connection closed by foreign host.

It segfaulted and dumped core.
Seems the PAM patches protect this, because here (I use PAM) it didn't work:

$ telnet poor.victim.com 110
Trying poor.victim.ip.address...
Connected to poor.victim.com.
Escape character is '^]'.
+OK QPOP (version 2.4) at poor.victim.com starting.
user valid
+OK Password required for valid.
pass [long line of X stripped]
-ERR Password supplied for "valid" is incorrect.
+OK Pop server at poor.victim.com signing off.
Connection closed by foreign host.

and the attempt was logged (although not different from a "normal" one):

Jun 29 08:42:29 poor in.qpopper[4612]: valid () poor victom com: -ERR Password supplied for "poor" is incorrect.
Jun 29 08:42:29 poor in.qpopper[4612]: Failed attempted login to poor from host poor.victim.com
Looks like, basically, if the parser sees that the command was actually a password argument, it doesn't send it through the truncate code.
I didn't look into it, but I suspect the PAM patches change the default of -DAUTH. BTW, qpopper development seems halted. Has any of you contacted Qualcomm about these problems?

!3runo
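The gap suggested in the message above, where a PASS argument skips the length handling applied to other commands, does not arise when one bound is enforced on every command line before dispatch. This is an added example, not part of the original post and not qpopper source; `parse_pop_line`, `struct pop_cmd`, `try_pass_len` and the `MAX_ARG` value are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ARG 64  /* assumed bound, not qpopper's actual value */

struct pop_cmd { char verb[8]; char arg[MAX_ARG + 1]; };

/* Split one POP3 command line into verb and argument.
 * Returns 0 on success, -1 if the line is malformed or over-long.
 * The same bound applies to every command, PASS included. */
int parse_pop_line(const char *line, struct pop_cmd *out)
{
    size_t len  = strcspn(line, "\r\n");   /* line length without CRLF */
    size_t vlen = strcspn(line, " \r\n");  /* verb ends at first space */
    const char *arg = line + vlen;
    size_t alen;

    if (vlen == 0 || vlen >= sizeof out->verb)
        return -1;
    memcpy(out->verb, line, vlen);
    out->verb[vlen] = '\0';

    if (*arg == ' ')
        arg++;                             /* skip the separator */
    alen = len - (size_t)(arg - line);
    if (alen > MAX_ARG)
        return -1;  /* reject; silently truncating a password is wrong too */
    memcpy(out->arg, arg, alen);
    out->arg[alen] = '\0';
    return 0;
}

/* Build a constructed "pass XXXX...\r\n" line with n X's and parse it. */
int try_pass_len(size_t n)
{
    static char line[4096];
    struct pop_cmd cmd;

    if (n + 8 > sizeof line)
        return -1;
    memcpy(line, "pass ", 5);
    memset(line + 5, 'X', n);
    memcpy(line + 5 + n, "\r\n", 3);       /* copies the NUL as well */
    return parse_pop_line(line, &cmd);
}

int main(void)
{
    printf("16 X: %d, 2000 X: %d\n", try_pass_len(16), try_pass_len(2000));
    return 0;
}
```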