Full Disclosure mailing list archives
Re: IpSwitch IMAP Server LOGON stack overflow
From: <nolimit () coreiso org>
Date: Wed, 8 Jun 2005 16:55:33 -0400
Ah, you refer to this one.

"The first vulnerability specifically exists in the handling of a long username to the LOGIN command. A long username argument of approximately 2,000 bytes will cause a stack based unicode string buffer overflow providing the attacker with partial control over EIP. As this vulnerability is in the LOGIN command itself, valid credentials are not required."

Later it reads "The second vulnerability also exists in the handling of the LOGIN command username argument, however it lends itself to easier exploitation."

I guess I shouldn't have trusted this statement :) Perhaps I'll take a look at this one next, or just use your CANVAS example :)

Cheers
nolimit
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- IpSwitch IMAP Server LOGON stack overflow nolimit (Jun 07)
- Re: IpSwitch IMAP Server LOGON stack overflow Dave Aitel (Jun 08)
- <Possible follow-ups>
- Re: Re: IpSwitch IMAP Server LOGON stack overflow nolimit (Jun 08)
- Re: IpSwitch IMAP Server LOGON stack overflow Dave Aitel (Jun 08)
- Re: IpSwitch IMAP Server LOGON stack overflow nolimit (Jun 08)