Re: qpush: qpopper exploit source

From: Herbert Rosmanith (herpat_private-EDU.UNI-LINZ.AC.AT)
Date: Mon Jun 29 1998 - 14:19:44 PDT


    dear listmembers,
    
    unfortunately, I've forgotten to add some information about the environment
    'qpush' runs in. let me do that now:
    
     o target architecture: that's the architecture where popper runs.
       this must be ix86-linux. will not work on FreeBSD or any other os.
     o 'local' architecture: that's the program to run 'qpush' on.
       this can be anything you want, but mind that on other systems
       than linux, you may have to add header files and/or libraries.
       don't forget to byte-swap (ntohl()) the addrlist entries on
       big endian machines.
     o debian QPOP v2.2 seems to be immune to 'qpush' ?
     o if you have compiled popper yourself, the return addresses in
       "addrlist" may not match your binary. try altering these addresses.
     o 'qpush' at least works for suse-linux qpopper v2.2 (same binary
       everywhere). suse has been mailed about that.
     o I've checked qpush with several homebrewed binaries and found that
       long addrlist[]={
            0xbfffeee4,             /*2.2*/
            0xbfffeb80              /*2.41beta1*/
       }
       will work better than the  "0xbfffec18            /*2.41beta1*/"
       before.
    
    best regards,
    herbert rosmanith
    herpat_private-linz.ac.at
    


