Bugtraq mailing list archives
Re: Qpopper 4.0.3 **** Fixes Buffer Overflow **** (fwd)
From: Renaud Deraison <deraison () cvs nessus org>
Date: Tue, 5 Jun 2001 22:21:47 +0200
On Tue, Jun 05, 2001 at 06:52:23PM +0200, Roman Drahtmueller wrote:
> **** 4.0.3 FIXES A BUFFER OVERFLOW PRESENT IN ALL VERSIONS OF 4.0 -- PLEASE UPGRADE IMMEDIATELY ***
>
> We hope that this information is accurate. Version 4.0.2 is not on the ftp server any more, and there is no patch from 4.0.2 to 4.0.3. We currently feel handicapped in our efforts to check the code for the changes wrt the buffer overflow.

The buffer overflow took place when a too long argument was supplied to the USER command (and apparently to some other commands too). Here's the gdb backtrace I did save when I investigated this issue thanks to Gustavo Viscaino (see http://www.nessus.com/bugs/nessus/fixed?id=385 if you are curious about why I'm involved in this) (note that the command was USER XXXXX[....]XXXXX\r\n)

Program received signal SIGSEGV, Segmentation fault.
strcpy (dest=0xbfffca95 'X' <repeats 200 times>..., src=0xbfffca54 'X' <repeats 200 times>...) at ../sysdeps/generic/strcpy.c:38
38 ../sysdeps/generic/strcpy.c: No such file or directory.
(gdb) bt
#0 strcpy (dest=0xbfffca95 'X' <repeats 200 times>..., src=0xbfffca54 'X' <repeats 200 times>...) at ../sysdeps/generic/strcpy.c:38
#1 0x805078c in pop_user (p=0xbfffca2c) at pop_user.c:198
#2 0x8050e58 in qpopper (argc=1482184792, argv=0x58585858) at popper.c:321
#3 0x58585858 in ?? ()
Cannot access memory at address 0x58585858

Unfortunately, I did not get a copy of qpopper 4.0.2, so I can't really show where the exact bug was.

> If the above statement is right, then SuSE distributions are not vulnerable. However, we wish to double-check such a claim. All kinds of

I really think it's not vulnerable. Qpopper 3.0.x is immune to this bug too.

--
Renaud
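A triage sketch for the backtrace above, added here as an example and not part of the original message: it flags frame addresses and arguments whose four bytes are a single repeated printable character, which is how a saved return address and the caller's arguments look once the 'X' filler has overwritten them. The function names are assumptions of this example, and the embedded sample is retyped from the frames quoted in the message.

```python
import re

# Constructed sample: the four frames quoted in the message above.
BACKTRACE = """\
#0  strcpy (dest=0xbfffca95 'X' <repeats 200 times>..., src=0xbfffca54 'X' <repeats 200 times>...) at ../sysdeps/generic/strcpy.c:38
#1  0x805078c in pop_user (p=0xbfffca2c) at pop_user.c:198
#2  0x8050e58 in qpopper (argc=1482184792, argv=0x58585858) at popper.c:321
#3  0x58585858 in ?? ()
"""

# "#N  [0xPC in ]function (args)" as printed by gdb's bt command.
FRAME_RE = re.compile(r"^#(\d+)\s+(?:(0x[0-9a-fA-F]+) in )?(\S+) \((.*)\)")
# name=value pairs where the value is a hex or decimal integer.
ARG_RE = re.compile(r"(\w+)=(0x[0-9a-fA-F]+|\d+)")


def as_fill(value):
    """Return the character if a 32-bit word is one printable byte repeated four times."""
    raw = (value & 0xFFFFFFFF).to_bytes(4, "little")
    if len(set(raw)) == 1 and 0x20 <= raw[0] <= 0x7E:
        return chr(raw[0])
    return None


def find_clobbered(backtrace):
    """List (frame, field, hex value, fill char) for PCs and arguments that look like input data."""
    hits = []
    for line in backtrace.splitlines():
        m = FRAME_RE.match(line)
        if not m:
            continue
        frame, pc, _func, args = m.groups()
        fields = [("pc", pc)] if pc else []
        fields += ARG_RE.findall(args)
        for name, text in fields:
            value = int(text, 0)  # base 0 accepts both 0x... and decimal
            fill = as_fill(value)
            if fill:
                hits.append((int(frame), name, hex(value), fill))
    return hits


if __name__ == "__main__":
    for hit in find_clobbered(BACKTRACE):
        print("frame #%d %s=%s is ASCII %r repeated" % hit)
```

Run on the sample, it reports frame #3's program counter and both arguments of frame #2: the decimal `argc` value 1482184792 is 0x58585858, the same "XXXX" pattern as `argv`.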