Date: Tue, 17 May 2005 13:32:39 +0300 From: Georgi Guninski <guninski@guninski.com> To: freebsd-amd64@freebsd.org Subject: can someone please try this qmail exploit? Message-ID: <20050517103239.GE5188@sivokote.iziade.m$>
can someone please try a qmail-smtpd remote exploit on freebsd 5.4 amd64?

what is needed:
- freebsd 5.4 amd64
- 13GB virtual memory - ram + swap (probably less will do, not quite sure)
- vanilla djb qmail - http://cr.yp.to/qmail.html
  (an easy way to install it is to install qmail from ports, then change in conf-groups "nofiles" to "qnofiles" and build and install vanilla qmail. vanilla qmail is important.)

how to reproduce:

download the perl proggie:
http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html#qmlong-pubvvv7.pl (qmlong-pubvvv7.pl)

start it on localhost. attach a gdb to qmail-smtpd and wait.

if you get:

Program received signal SIGTRAP, Trace/breakpoint trap.
0x000000000050cbac in ?? ()
(gdb) x/i $rip
0x50cbac: int3
(gdb)

then the exploit works.

notes:

a lot of memory is used, so a production machine may be lagged.

on an athlon64 2800+ with 1.5G ram the exploit takes about 1 hour. it was reported that with 8G ram the exploit takes about 10 minutes.

there are flames on the qmail mailing list if this is a bug or not.

thanks.

--
georgi