Date: Sat, 27 Jun 1998 13:04:02 -0600 From: "Aaron D. Gifford" <agifford@infowest.com> To: security@FreeBSD.ORG Subject: Re: (FWD) QPOPPER REMOTE ROOT EXPLOIT Message-ID: <35954222.F20D2144@infowest.com> References: <35951273.6488@kharkiv.net> <19980627133614.42227@mcs.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Sat, Jun 27, 1998 at 06:40:35PM +0300, Vadim V. Chepkov wrote: > > Jordan K. Hubbard wrote: > > > > > > > > > I've already committed a slightly more intelligent fix to this > > > problem. Thanks! > > > > > > > But it doesn't work > > <<snip>> Does the patch to pop_msg.c take into account that a "(void)strcat(message, "\r\n"); call appears later on and adds 2 more chars to the message buffer? I haven't seen JKH's patch yet, but I noticed that some of the patches posted to BUGTRAQ miss this. The result is that the perl trick still crashes popper, but the crash occurs on the strcat() call and not where the old vsprintf() call was. Aaron out. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?35954222.F20D2144>