Re: [Re: lug-bg: Fwd: Qpopper 4.0 Buffer Overflow]

Tue, 24 Apr 2001 06:46:43 -0700 



Stanislav Lechev wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> eee
> ti si se prestaral :)
> az samo go fwd-nah ot bugtraq :)
> dori nqmam qpopper za da testwam :)

az imah i oshte syshtata nosht go testih. Qpoppera si reagira normalno i s
vnimanie :)
ne plashete naroda s gluposti...


>
>
> On Tuesday 24 April 2001 11:28, you wrote:
> > niama nujda ot takova palene..
> >
> > |'> > able to overflow beyond the edx due to what seems
> > |
> > |> > like char filtering beyond a curtain point (being 64).'
> >
> > kyde e buga?
> > ne sym gledal source oshte, no sym 99% ubeden che popper-a prosto
> > ne iska da ima po-goliam login ot 64 chars.
> >
> > .. reshavam da iztocha i pogledna source-a vse pak ..
> >
> > // (popper.h)
> >
> > #define MAXUSERNAMELEN  65
> > #define MAXDROPLEN      64
> >
> > --
> >
> > // (pop_auth.c)
> >
> >   while( i < clen ) {
> >     p->authid[ k ]      = chg[ i ];
> >     if ( !j )
> >        p->user[ k ]     = chg[ i ];
> >     if ( !chg[ i++ ] || (k++ >= MAXUSERNAMELEN) ) break;
> >   }
> >
> >      /* Check everything is within tolerance */
> >
> >   if( (i >= clen) ||
> >          (!k || (k >= MAXUSERNAMELEN) || (j >= MAXUSERNAMELEN)) )
> >     return( pop_msg(p,POP_FAILURE, HERE, "Bad challenge message") );
> >
> > --
> >
> > Optium dori ne si e napravil
> > truda da pusne chast ot loga. Tova ne e nachin da se reportva istinski
> > ili pseudo bug. Estestveno che niama da izleze v bugtraq.
> >
> > P.S. ako naistina beshe overflow shteshe da killne popper-a ili
> > nai-malkoto da go zabie. napravih si truda da napisha programka, koitao
> > prashta 64 ili poveche chars za user, no nishto neobiknoveno ne stana.
> >
> > Cheerz,
> >
> > /sh
> >
> > > > - ----------  Forwarded Message  ----------
> > > > Subject: Qpopper 4.0 Buffer Overflow
> > > > Date: Fri, 20 Apr 2001 03:15:29 -0000
> > > > From: Optium <[EMAIL PROTECTED]>
> > > > To: [EMAIL PROTECTED]
> > > >
> > > >
> > > > Recently I came across a buffer overflow in qpop4.0.
> > > > The overflow occures when the input for the
> > > > command "user" is above  63 chars long. I was not
> > > > able to overflow beyond the edx due to what seems
> > > > like char filtering beyond a curtain point (being 64).
> > > >
> > > > example :
> > > >  Trying 127.0.0.1...
> > > > Connected to localhost.
> > > > Escape character is '^]'.
> > > > +OK
> > > > user
> > > > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> > > > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> > > > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> > > > AAAAAAAAAAAAAA
> > > > Connection closed by foreign host.
> > > >
> > > > Optium
> > > >
> > > > - -------------------------------------------------------
> > > >
> > > > - --
> > > > - -===============================================================-
> > > > - - Regards,                                            AngelFire -
> > > > - -     Stanislav Lechev                    <[EMAIL PROTECTED]>    -
> > > > - -    PGP Key: http://firedust.vega.bg/pgp/StanislavLechev.asc   -
> > > > - -===============================================================-
> > > > -----BEGIN PGP SIGNATURE-----
> > > > Version: GnuPG v1.0.4 (GNU/Linux)
> > > > Comment: For info see http://www.gnupg.org
> > > >
> > > > iD8DBQE64EdN8RPXBhiMqewRAjpTAJwJ11H6r5U5DutEpIfsX1UrlnQxrACfTVop
> > > > jB+3Vz53a8CtrEfH7dylcaQ=
> > > > =rBGC
> > > > -----END PGP SIGNATURE-----
> >
> > Stanislav Lechev <[EMAIL PROTECTED]> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >
> > mi ti dosega wivdal li si da report-nat bug w bugtraq sys exploit-a
> >
> > exploit-a idwa nqkolko dni sled towa...
> >
> > a i ne se znae dali shte dojde...
> > sled malko shte pregleda bugtraq... i shte imam po presni nowini :)
> >
> > On Sunday 22 April 2001 03:47, you wrote:
> > > ----- Original Message -----
> > > From: Stanislav Lechev <[EMAIL PROTECTED]>
> > > To: Linux Users Group - Bulgaria <[EMAIL PROTECTED]>
> > > Sent: Friday, April 20, 2001 4:27 PM
> > > Subject: lug-bg: Fwd: Qpopper 4.0 Buffer Overflow
> > >
> > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > Hash: SHA1
> > > >
> > > >
> > > > koj kaza che bil secure ?...
> > > > che naposledyk chesto wzeha da go pishat ...
> > > >
> > > > updatewajte kato izleze patch :)
> > > >
> > > >
> > > > - ----------  Forwarded Message  ----------
> > > > Subject: Qpopper 4.0 Buffer Overflow
> > > > Date: Fri, 20 Apr 2001 03:15:29 -0000
> > > > From: Optium <[EMAIL PROTECTED]>
> > > > To: [EMAIL PROTECTED]
> > > >
> > > >
> > > > Recently I came across a buffer overflow in qpop4.0.
> > > > The overflow occures when the input for the
> > > > command "user" is above  63 chars long. I was not
> > > > able to overflow beyond the edx due to what seems
> > > > like char filtering beyond a curtain point (being 64).
> > > >
> > > > example :
> > > >  Trying 127.0.0.1...
> > > > Connected to localhost.
> > > > Escape character is '^]'.
> > > > +OK
> > > > user
> > > > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> > > > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> > > > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> > > > AAAAAAAAAAAAAA
> > > > Connection closed by foreign host.
> > > >
> > > > Optium
> > > >
> > > > - -------------------------------------------------------
> > > >
> > > > - --
> > > > - -===============================================================-
> > > > - - Regards,                                            AngelFire -
> > > > - -     Stanislav Lechev                    <[EMAIL PROTECTED]>    -
> > > > - -    PGP Key: http://firedust.vega.bg/pgp/StanislavLechev.asc   -
> > > > - -===============================================================-
> > > > -----BEGIN PGP SIGNATURE-----
> > > > Version: GnuPG v1.0.4 (GNU/Linux)
> > > > Comment: For info see http://www.gnupg.org
> > > >
> > > > iD8DBQE64EdN8RPXBhiMqewRAjpTAJwJ11H6r5U5DutEpIfsX1UrlnQxrACfTVop
> > > > jB+3Vz53a8CtrEfH7dylcaQ=
> > > > =rBGC
> > > > -----END PGP SIGNATURE-----
> > >
> > > =========================================================================
> > >==
> > >
> > > > A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
> > > > http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara
> > >
> > > Zagora
> > >
> > >
> > >
> > > taka kato gledam primera  i ne razbrah tochno kyde e exploita :)
> > > btw... qpopper ot 3.0 nagore (3.1.1 , 3.1.2 i podobni) uzhkim sa si
> > > stable...  za 4 - ne znam.
> > >
> > >
> > >
> > > =========================================================================
> > >== A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
> > > http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara
> > > Zagora
> >
> > - --
> > - -===============================================================-
> > - - Regards,                                            AngelFire -
> > - -     Stanislav Lechev                    <[EMAIL PROTECTED]>    -
> > - -    PGP Key: http://firedust.vega.bg/pgp/StanislavLechev.asc   -
> > - -===============================================================-
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.0.4 (GNU/Linux)
> > Comment: For info see http://www.gnupg.org
> >
> > iD8DBQE64+348RPXBhiMqewRAoUVAKCLKHaC5+VgqoMyJRf4zCqt1vkO+ACeMSCB
> > 4ZEJqSP8BG3Yjv+I6xBK+0E=
> > =U5k0
> > -----END PGP SIGNATURE-----
> > ===========================================================================
> > A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
> > http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
> >
> >
> > ____________________________________________________________________
> > Get free email and a permanent address at http://www.netaddress.com/?N=1
> > ===========================================================================
> > A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
> > http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
>
> - --
> - -===============================================================-
> - - Regards,                                            AngelFire -
> - -     Stanislav Lechev                    <[EMAIL PROTECTED]>    -
> - -    PGP Key: http://firedust.vega.bg/pgp/StanislavLechev.asc   -
> - -===============================================================-
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.4 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE65VGm8RPXBhiMqewRAolvAJwLmratL+UQ0S+65E/apXRcV22lowCdHvxQ
> jn6QC8q+jhlrb6M4bMAXs+M=
> =RYki
> -----END PGP SIGNATURE-----
> ===========================================================================
> A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
> http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora

--

 "Through the darkness of the future past
  the magician longs to see
  one chants out between two worlds.
  Fire, walk with me!"


              =========================
              Teodor  Georgiev
              System Administrator
              Netplus OOD - Sofia
              phone: ++359-2-9633298
              e-mail: [EMAIL PROTECTED]
              ICQ: 33741477
              =========================


===========================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora

Reply via email to