BugTraq
QPopper 4.0.x buffer overflow vulnerability Mar 10 2003 02:31PM
Florian Heinz (heinz cronon-ag de) (3 replies)
Re: QPopper 4.0.x buffer overflow vulnerability Mar 12 2003 01:19PM
Jaroslaw Zachwieja (grok tnt pl) (1 replies)
RE: QPopper 4.0.x buffer overflow vulnerability Mar 12 2003 05:03PM
Jonathan A. Zdziarski (jonathan networkdweebs com)
Re: QPopper 4.0.x buffer overflow vulnerability Mar 12 2003 09:33AM
Torsten Mueller (torsten archesoft de) (1 replies)


Florian Heinz schrieb:
>
> Hello,
>
> Under certain conditions it is possible to execute arbitrary code using
> a buffer overflow in the recent qpopper.
>
> You need a valid username/password-combination and code is (depending on
> the setup) usually executed with the user's uid and gid mail.
>
...
>
> This is the short version. An enhanced version with error-checking,
> bufsize- and return-address autodetection can be found on
> http://nstx.dereference.de/snippets/qex.c
>
> Feedback is welcome.

... and here it comes ;-)

I tested http://nstx.dereference.de/snippets/qex.c
against 3 selfcompiled qpopper4.0.4 on 3 different machines.

I can confirm, that on one machine "it worked", i got
a shell.

More interesting for me is of course, if you can provide
a patch against 4.0.4 to close this vulnerability.

Greetings Torsten

[ reply ]
Re: QPopper 4.0.x buffer overflow vulnerability Mar 12 2003 09:55AM
Florian Heinz (heinz cronon-ag de)
Re: QPopper 4.0.x buffer overflow vulnerability Mar 12 2003 03:05AM
Randall Gellens (rg_public 1 flagg qualcomm com) (2 replies)
Re: QPopper 4.0.x buffer overflow vulnerability Mar 13 2003 07:12AM
Harald Hellmuth (hh hostserver de)
Re: QPopper 4.0.x buffer overflow vulnerability Mar 12 2003 04:05AM
Florian Heinz (heinz cronon-ag de)


 

Privacy Statement
Copyright 2010, SecurityFocus