Date: Sat, 27 Jun 1998 05:17:48 -0700 (PDT) From: Jason Godsey <godsey@godsey.net> To: isp@FreeBSD.ORG Cc: current@FreeBSD.ORG Subject: !!! FLASH TRAFFIC !!! QPOPPER REMOTE ROOT EXPLOIT (fwd) Message-ID: <Pine.BSF.3.96.980627051733.18856A-100000@shaw.fidalgo.net>
next in thread | raw e-mail | index | archive | help
-- Jason Godsey - godsey@godsey.net - http://www.godsey.net/ ---------- Forwarded message ---------- Date: Sat, 27 Jun 1998 00:58:24 -0400 From: Seth McGann <smm@WPI.EDU> To: BUGTRAQ@NETSPACE.ORG Subject: !!! FLASH TRAFFIC !!! QPOPPER REMOTE ROOT EXPLOIT Its come to my attention that systems around the internet are being exploited using a new remote overflow in Qualcomm's Popper server. Well, lets clear a few things up: 1. The working exploit was stolen from my development account, subsequently MANY sites were cracked in short order. Much of Efnet was compromised as power crazed script kiddies gained root access on IRCOP boxes, giving themselves O-lines. 2. This vulnerability effects FreeBSD, OpenBSD, and Solaris x86 so far. Other systems are most certainly vulnerable. Linux does not appear vulnerable. To test, simply send the sever several thousand characters and see if it crashed. Check the return address to see if it matches. 3. Due to massive exploitation the proper authorities have most likely been notified already. This is a bit of an emergency. 4. You will NOT get the "exploit" from me, don't ask. If you think your "eleet" enough, do it yourself. I admit I had some help, but it took a while to figure out. 5. The most obvious offender is the vsprintf() on line 66 of pop_msg.c. 6. If you have a problem with my style, I'm sorry. I'm angry at both myself and the members of #conflict who I hold directly responsible for this breach. I will not name names, the offenders know who they are. 7. When I have my head together I will post a patch tomorrow if one is not available by then. 8. For now, disable qpopper or choose another solution till qpopper is secured. Thank you. Seth M. McGann / smm@wpi.edu "Security is making it http://www.wpi.edu/~smm to the bathroom in time." KeyID: 2048/1024/E2501C80 Fingerprint 3344 DFA2 8E4A 977B 63A7 19E3 6AF7 4AE7 E250 1C80 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980627051733.18856A-100000>