Vulnerability Development mailing list archives
Re: Buffer overflow in Dovecot or OpenSSL?
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Wed, 9 Apr 2003 16:38:15 +0400
Dear Timo Sirainen, You're right, the fact EIP points inside the stack should indicate large problems. But the string at EIP doesn't look to be shellcode or it's part. How many entries do you have in the log? Do you have stackdump? --Tuesday, April 8, 2003, 11:39:23 PM, you wrote to vuln-dev () securityfocus com: TS> I saw a disturbing message today: TS> PAX: terminating task: /usr/local/libexec/dovecot/imap-login(imap-login):13964, uid/euid: 102/102, EIP: 5D0CB8B8, ESP: 5D0CB82C TS> PAX: bytes at EIP: d8 b8 0c 5d 25 14 05 08 f8 9e 06 08 01 00 00 00 20 ca 04 08 -- ~/ZARAZA Впрочем, важнее всего - алгоритм! (Лем)
Current thread:
- Buffer overflow in Dovecot or OpenSSL? Timo Sirainen (Apr 08)
- Re: Buffer overflow in Dovecot or OpenSSL? Admin (Apr 09)
- Re: Buffer overflow in Dovecot or OpenSSL? Timo Sirainen (Apr 09)
- Re: Buffer overflow in Dovecot or OpenSSL? 3APA3A (Apr 09)
- Re: Buffer overflow in Dovecot or OpenSSL? Timo Sirainen (Apr 09)
- POC Heap based buffer overflow Aaron C. Newman (Application Security, Inc.) (Apr 11)
- Re: POC Heap based buffer overflow Roland Postle (Apr 12)
- Re: Buffer overflow in Dovecot or OpenSSL? Admin (Apr 09)