Qpopper 4.0 Buffer Overflow

From: Optium (shatanat_private)
Date: Thu Apr 19 2001 - 20:15:29 PDT

    Recently I came across a buffer overflow in qpop4.0.
    The overflow occurs when the input for the 
    command "user" is above 63 chars long. I was not
    able to overflow beyond the edx due to what seems 
    like char filtering beyond a certain point (being 64).
    
    Example:
     Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    +OK 
    user 
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAA
    Connection closed by foreign host.
    
    Optium
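
An added example, not part of the original post and not Qpopper source code: a parser for the POP3 "user" line that rejects an over-long argument before it is copied into a fixed buffer. The function name parse_user, the return codes and the 64-byte buffer size are assumptions, chosen to match the 63-character threshold in the report above.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumption: a 64-byte destination, i.e. 63 characters plus the NUL. */
#define USER_BUF_LEN 64

/* Hypothetical handler. Copies the argument of "user <name>" into out.
 * Returns 0 on success, -1 if the line is not a USER command,
 * -2 if the name is empty or does not fit in out (nothing is copied). */
int parse_user(const char *line, char *out, size_t outlen)
{
    static const char kw[] = "user";
    size_t i, n;

    /* Case-insensitive keyword match; a short line stops at its NUL. */
    for (i = 0; i < sizeof(kw) - 1; i++)
        if (tolower((unsigned char)line[i]) != kw[i])
            return -1;
    if (line[i] != ' ' && line[i] != '\t')
        return -1;
    while (line[i] == ' ' || line[i] == '\t')
        i++;

    /* Measure the argument up to CR/LF BEFORE touching the buffer. */
    n = strcspn(line + i, "\r\n");
    if (n == 0 || n >= outlen)
        return -2;              /* caller should answer -ERR and drop the line */

    memcpy(out, line + i, n);   /* bounded: n < outlen is guaranteed here */
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char name[USER_BUF_LEN];
    char line[128];
    size_t len;

    /* Constructed input: 63 and then 64 'A' characters after "user ". */
    for (len = 63; len <= 64; len++) {
        memcpy(line, "user ", 5);
        memset(line + 5, 'A', len);
        memcpy(line + 5 + len, "\r\n", 3);
        printf("%zu chars -> %d\n", len, parse_user(line, name, sizeof name));
    }
    return 0;
}
```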
    



    This archive was generated by hypermail 2b30 : Fri Apr 20 2001 - 07:20:17 PDT