Bugtraq mailing list archives
Re: [lucid () TERRA NEBULA ORG: qpop3.0b20 and below - notes and exploit]
From: qpopper () QUALCOMM COM (Qpopper Support)
Date: Wed, 1 Dec 1999 16:11:01 -0800
All reported buffer overruns are fixed in qpopper3.0b22, which is available at <ftp://ftp.qualcomm.com/eudora/servers/unix/popper/>. In addition, other users of '%s' were examined and limited applied to some which could theoretically cause a crash.
Message-ID: <Pine.LNX.4.10.9911301500310.26891-200000 () terra nebula org> Date: Tue, 30 Nov 1999 15:25:25 -0500 Reply-To: Lucid Solutions <lucid () TERRA NEBULA ORG> Sender: Bugtraq List <BUGTRAQ () SECURITYFOCUS COM> From: Lucid Solutions <lucid () TERRA NEBULA ORG> Subject: qpop3.0b20 and below - notes and exploit I found this overflow myself earlier this month. Seems someone else recently found it before Qualcomm was able to issue a patch. The 2.x series is not vunlnerable because AUTH is not yet supported and the error returned by attempting to use AUTH does not call pop_msg() with any user input. There is also another overflow besides the AUTH overflow which can occur if a valid username and password are first entered also occuring in pop_msg(). pop_get_subcommand.c contains this line near the bottom in qpopper3.0b20: pop_msg(p,POP_FAILURE, "Unknown command: \"%s %s\".",p->pop_command,p->pop_subcommand);
Current thread:
- Re: [lucid () TERRA NEBULA ORG: qpop3.0b20 and below - notes and exploit] Qpopper Support (Dec 01)
- Re: [lucid () TERRA NEBULA ORG: qpop3.0b20 and below - notes and exploit] Richard Trott (Dec 16)
- Windows NT LSA Remote Denial of Service NAI Labs (Dec 16)
- Re: Windows NT LSA Remote Denial of Service Jordan Ritter (Dec 16)
- <Possible follow-ups>
- Re: [lucid () TERRA NEBULA ORG: qpop3.0b20 and below - notes and exploit] Qpopper Support (Dec 16)
- Re: [lucid () TERRA NEBULA ORG: qpop3.0b20 and below - notes and exploit] Maurycy Prodeus (Dec 17)
- Re: [lucid () TERRA NEBULA ORG: qpop3.0b20 and below - notes and exploit] Olaf Seibert (Dec 20)