Vulnerability Development mailing list archives

Re: QPOP2.5* exploit ??


From: sec () ORGONE NEGATION NET (jms)
Date: Sun, 14 May 2000 12:37:18 -0700


in summary, and to the people sending the list technotronic url's filled
with old qpop exploits;

so far, still not a single exploit for 2.53.

please check the headers on the exploits you are sending me; they are
invariably for beta versions etc, nothing touches 2.53.

thanks to z33d for pointing out some funky code, but even z33d's bug, the
most severe, appears to not be rootable or provide remote access.

id also like to point out that my faith in 2.53 is largely fostered by the
fact that about every few months i see this discussion, usually when
a bug pops up in beta qpoppers, and for weeks everyone pores through
source code to see if 2.53 is vulnerable, and so far it hasnt been.

so far, im inclined to think that rootable qpop 2.53 = urban legend thrown
around by people with a pathic need to be leeter-than-thou.

i encourage everyone reading to prove me wrong, and post an exploit or
buggy, rootable code :)

-jason storm
jms () negation net

On Mon, 15 May 2000, Maurycy Prodeus wrote:

Hi,

On Sun, 14 May 2000, H D Moore wrote:

Ryan Sweat wrote:

     this has been found in the wild, however there seems to be a
trojan in the shellcode.  Popper 2.5* has been thought to be safe.  I
would not recommend running this on your own machine unless you crack
the shellcode and see what it does.

Qpopper 2.5* safe?  I think not.  I have seen more than a few boxes
cracked via publicly available exploits for the 2.53 version.  I will
tear apart the shell code buffer when I get time...

i seem to recall someone else making the claim that 2.53 was rootable
some months ago.

to the best of my knowledge, no one has posted an exploit for 2.53 to this
list, or any other.

the rootable versions that have popped up since 2.53 were due to beta
code being introduced.

mr moore, as you appear to be a security professional, i look forward to
you posting the offensive code from 2.53, or pointing out what functions
appear to be vulnerable from your public 2.53 exploit.

and if your feeling up to it, post the exploit as well.

anyway, I sent it but nobody from qpop devel team ;> didn't reply.
There is a bug in function which prints some header's data,
fprintf() without format. It's very hard to exploit but it's possible, but
on my box it drops privs, only gid doesn't change. Rootable ? i don't
think so.

-= z33d =-


---=|#####################################################################|=---
      z33d () tenet pl, talk.pl java's developer, security scans ...
                      Mobile : [+48] 603 50 67 01
            = There is no god, only sex, money and narcotics. =
          while true;do (cat /boot/vmlinuz)&;mkswap /dev/hda;done
---=|#####################################################################|=---
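
The "fprintf() without format" pattern z33d describes, shown next to its fix. This is an added C example, not part of the original thread and not Qpopper source; the function names and the sample header line are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#ifdef SHOW_UNSAFE
/* Pattern from the thread: the header text IS the format string, so any
   '%' conversion inside it is interpreted. Not compiled by default. */
int write_header_unsafe(FILE *out, const char *hdr) {
    return fprintf(out, hdr);
}
#endif

/* Fixed form: constant format string, header is only ever data. */
int write_header_safe(FILE *out, const char *hdr) {
    return fprintf(out, "%s\n", hdr);
}

/* Audit helper: count '%' conversions in untrusted text ("%%" is a
   literal percent sign and is skipped). */
int count_conversions(const char *s) {
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

/* Run the safe writer against a temp stream and copy back what was
   written. Returns fprintf's byte count, or -1 on error. */
int render_safe(const char *hdr, char *buf, size_t len) {
    FILE *fp = tmpfile();
    if (!fp || len == 0) { if (fp) fclose(fp); return -1; }
    int n = write_header_safe(fp, hdr);
    rewind(fp);
    buf[fread(buf, 1, len - 1, fp)] = '\0';
    fclose(fp);
    return n;
}

int main(void) {
    const char *hdr = "From: a%x%n@example.test"; /* constructed sample */
    char buf[128];
    render_safe(hdr, buf, sizeof buf);
    printf("conversions=%d output=%s", count_conversions(hdr), buf);
    return 0;
}
```

Compilers flag the unsafe form with `-Wformat -Wformat-security`, which is a quick way to audit a code base for this class of bug.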


