mailing list archives
Re: qpush: qpopper exploit source
From: herp () WILDSAU IDV-EDU UNI-LINZ AC AT (Herbert Rosmanith)
Date: Mon, 29 Jun 1998 23:19:44 +0200
unfortunately, I've forgotten to add some information about the environment
'qpush' runs. let me do that now:
o target architecure: that's the architecure where popper runs.
this must be ix86-linux. will not work on FreeBSD or any other os.
o 'local' architecure: that's the programm to run 'qpush' on.
this can be anything you want, but mind that on other systems
than linux, you may have to add header files and/or libaries.
don't forget to byte-swap (ntohl()) the addrlist entries on
big endian machines.
o debian QPOP v2.2 seems to be immune to 'qpush' ?
o if you have compiled popper yourself, the return adresses in
"addrlist" may not match your binary. try altering these adresses.
o 'qpush' at least works for suse-linux qpopper v2.2 (same binary every-
where). suse has been mailed about that.
o I've check qpush with several homebrewed binaries and found that
will work better than the "0xbfffec18 /*2.41beta1*/"
herp () wildsau idv uni-linz ac at