Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: qpush: qpopper exploit source
From: herp () WILDSAU IDV-EDU UNI-LINZ AC AT (Herbert Rosmanith)
Date: Mon, 29 Jun 1998 23:19:44 +0200


dear listmembers,

unfortunately, I've forgotten to add some information about the environment
'qpush' runs. let me do that now:

 o target architecure: that's the architecure where popper runs.
   this must be ix86-linux. will not work on FreeBSD or any other os.
 o 'local' architecure: that's the programm to run 'qpush' on.
   this can be anything you want, but mind that on other systems
   than linux, you may have to add header files and/or libaries.
   don't forget to byte-swap (ntohl()) the addrlist entries on
   big endian machines.
 o debian QPOP v2.2 seems to be immune to 'qpush' ?
 o if you have compiled popper yourself, the return adresses in
   "addrlist" may not match your binary. try altering these adresses.
 o 'qpush' at least works for suse-linux qpopper v2.2 (same binary every-
    where). suse has been mailed about that.
 o I've check qpush with several homebrewed binaries and found that
   long addrlist[]={
        0xbfffeee4,             /*2.2*/
        0xbfffeb80              /*2.41beta1*/
   }
   will work better than the  "0xbfffec18            /*2.41beta1*/"
   before.

best regards,
herbert rosmanith
herp () wildsau idv uni-linz ac at



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault