Home page logo

bugtraq logo Bugtraq mailing list archives

Re: QPOPPER problem.... ONE crude patch...
From: Y.Adamopoulos () noc ntua gr (Yiorgos Adamopoulos)
Date: Sat, 27 Jun 1998 22:58:51 +0300


I am attaching the typescript file.  As you will see, the connection closed
as expected...


Script started on Sat Jun 27 22:55:42 1998

adamo () ajax: [1] ~ > perl -e 'print "e"x20000,"\r\nQUIT\r\n";'|nc -i 2 local 110
+OK QPOP (version 2.41beta1) at ajax.noc.ntua.gr starting.
-ERR Unknown command: 
+OK Pop server at ajax.noc.ntua.gr signing off.

adamo () ajax: [2] ~ > exit
script done on Sat Jun 27 22:56:46 1998
On Sat, Jun 27, 1998 at 11:52:50AM -0700, Tom Brown wrote:

just in case you didn't know...

just because you don't find the core file, doesn't mean it didn't
segfault... did you get a sudden "connection closed by foreign host" ...
if so it's vulnerable... (the 2.3 popper seems to do this, even on
linux... and BSDI I'm told does that)...

On Sat, 27 Jun 1998, Yiorgos Adamopoulos wrote:

On Sat, Jun 27, 1998 at 01:58:10AM -0700, Tom Brown wrote:
perl -e 'print "e"x2000,"\r\nQUIT\r\n";' | nc -i 2 target 110

can someone try this on a Solaris2.6 (sparc) ?  I just did and it did not
core dump ...

tbrown () BareMetal com   | Ours is a world where people don't know what they
http://BareMetal.com/  | want and are willing to go through hell to get it.
                       | - Don Marquis

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]