Home page logo
/

bugtraq logo Bugtraq mailing list archives

RE: QPopper 4.0.x buffer overflow vulnerability
From: "Jonathan A. Zdziarski" <jonathan () networkdweebs com>
Date: Wed, 12 Mar 2003 12:03:29 -0500

Chrooting qpopper is also a good workaround, as well as good practice.
Instructions can be found at http://www.networkdweebs.com/chroot.html


-----Original Message-----
From: Jaroslaw Zachwieja [mailto:grok () tnt pl]
Sent: Wednesday, March 12, 2003 8:20 AM
To: bugtraq () securityfocus com
Subject: Re: QPopper 4.0.x buffer overflow vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On pon 10. marca 2003 14:31, Florian Heinz wrote:

http://nstx.dereference.de/snippets/qex.c
Feedback is welcome.

Enforcing TLS/SSL is a temprorary workaround against script-kiddies -
exploit (out-of-the-box) will not be able to authenticate.

(there is a user foobar, with passwd "lalala" on the system)

$ ./qex rootbox foobar lalala
Phase 1: Seeking buffer size
Connecting to xxx.xxx.xxx.xxx... Logging in... Could not log in. Did you
provide a valid username/password-combination?
Exiting due to error...

that's becouse:

$ telnet 0 110
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
+OK ready
user foobar
- -ERR [AUTH] You must use TLS/SSL or stronger authentication such as APOP
to
connect to this server
quit

Not a fix, but who sends plaintext passwords anyway :) Unfortunately, I
must assume, that at some point some "friendly" soul will equip qex with
TLS/SSL.

What is the vendor response on that?
- --
grok

GPG public key at http://www.keyserver.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+bzP3ANulANzEW40RArDsAJ43VBZhYJXdhWsyGXT59LfwbJkH8wCgs+FW
8g4LLzXZ/D71rkaVjDRBR0c=
=CVSC
-----END PGP SIGNATURE-----





  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault