-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 mi ti dosega wivdal li si da report-nat bug w bugtraq sys exploit-a exploit-a idwa nqkolko dni sled towa... a i ne se znae dali shte dojde... sled malko shte pregleda bugtraq... i shte imam po presni nowini :) On Sunday 22 April 2001 03:47, you wrote: > ----- Original Message ----- > From: Stanislav Lechev <[EMAIL PROTECTED]> > To: Linux Users Group - Bulgaria <[EMAIL PROTECTED]> > Sent: Friday, April 20, 2001 4:27 PM > Subject: lug-bg: Fwd: Qpopper 4.0 Buffer Overflow > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > > > koj kaza che bil secure ?... > > che naposledyk chesto wzeha da go pishat ... > > > > updatewajte kato izleze patch :) > > > > > > - ---------- Forwarded Message ---------- > > Subject: Qpopper 4.0 Buffer Overflow > > Date: Fri, 20 Apr 2001 03:15:29 -0000 > > From: Optium <[EMAIL PROTECTED]> > > To: [EMAIL PROTECTED] > > > > > > Recently I came across a buffer overflow in qpop4.0. > > The overflow occures when the input for the > > command "user" is above 63 chars long. I was not > > able to overflow beyond the edx due to what seems > > like char filtering beyond a curtain point (being 64). > > > > example : > > Trying 127.0.0.1... > > Connected to localhost. > > Escape character is '^]'. > > +OK > > user > > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA > > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA > > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA > > AAAAAAAAAAAAAA > > Connection closed by foreign host. > > > > Optium > > > > - ------------------------------------------------------- > > > > - -- > > - -===============================================================- > > - - Regards, AngelFire - > > - - Stanislav Lechev <[EMAIL PROTECTED]> - > > - - PGP Key: http://firedust.vega.bg/pgp/StanislavLechev.asc - > > - -===============================================================- > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.0.4 (GNU/Linux) > > Comment: For info see http://www.gnupg.org > > > > iD8DBQE64EdN8RPXBhiMqewRAjpTAJwJ11H6r5U5DutEpIfsX1UrlnQxrACfTVop > > jB+3Vz53a8CtrEfH7dylcaQ= > > =rBGC > > -----END PGP SIGNATURE----- > > =========================================================================== > > > A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers) > > http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara > > Zagora > > > > taka kato gledam primera i ne razbrah tochno kyde e exploita :) > btw... qpopper ot 3.0 nagore (3.1.1 , 3.1.2 i podobni) uzhkim sa si > stable... za 4 - ne znam. > > > > =========================================================================== > A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers) > http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora - -- - -===============================================================- - - Regards, AngelFire - - - Stanislav Lechev <[EMAIL PROTECTED]> - - - PGP Key: http://firedust.vega.bg/pgp/StanislavLechev.asc - - -===============================================================- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE64+348RPXBhiMqewRAoUVAKCLKHaC5+VgqoMyJRf4zCqt1vkO+ACeMSCB 4ZEJqSP8BG3Yjv+I6xBK+0E= =U5k0 -----END PGP SIGNATURE----- =========================================================================== A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers) http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora