Date: Wed, 24 May 2000 16:52:01 -0500 (CDT) From: Jeremy Shaffner <jer@jorsm.com> To: Dmitry Valdov <dv@dv.ru> Cc: freebsd-security@FreeBSD.ORG Subject: Re: QPOPPER: Remote gid mail exploit Message-ID: <Pine.BSF.4.21.0005241649220.7700-100000@mercury.jorsm.com> In-Reply-To: <Pine.BSF.3.95q.1000525014416.3965E-100000@xkis.kis.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
I don't see that happening here: uidl 2 +OK 2 AAAAAAAAAAAAAA euidl 2 +OK 2 AAAAAAAAAAAAAA 481 %p%p%p%p%p%p%p%p@foo.domain.com Without the patch you get the behavior described in the advisory: +OK 2 AAAAAAAAAAAAAA 470 0xbfbfd0340x804fd640xbfbfd0340x1d60x8052e4e0xbfbfd86c0x 80570280x5@foo.domain.com -Jeremy On Thu, 25 May 2000, Dmitry Valdov wrote: > Hi! > > This patch doesn't work. popper exiting with sig11 when user send UIDL xxx > command. > > Dmitry. > > > > Or you can manually patch it by doing the following: > > > > At lines 152 and 62 from pop_uidl.c, replace: > > - return (pop_msg (p,POP_SUCCESS, buffer)); > > to: > > + return (pop_msg (p,POP_SUCCESS, "%s", buffer)); > > > > > > Here is the resulting patch: > > > > > > ---------8<-------- > > > > --- pop_uidl.c.orig Wed May 24 15:58:53 2000 > > +++ pop_uidl.c Wed May 24 16:21:56 2000 > > @@ -59,7 +59,7 @@ > > > > sprintf(buffer, "%d %s", msg_id, mp->uidl_str); > > if (nl = index(buffer, NEWLINE)) *nl = 0; > > - return (pop_msg (p,POP_SUCCESS, buffer)); > > + return (pop_msg (p,POP_SUCCESS, "%s", buffer)); > > } > > } else { > > /* yes, we can do this */ > > @@ -149,7 +149,7 @@ > > sprintf(buffer, "%d %s", msg_id, mp->uidl_str); > > if (nl = index(buffer, NEWLINE)) *nl = 0; > > sprintf(buffer, "%s %d %.128s", buffer, mp->length, from_hdr(p, > > mp)); > > - return (pop_msg (p,POP_SUCCESS, buffer)); > > + return (pop_msg (p,POP_SUCCESS, "%s", buffer)); > > } > > } else { > > /* yes, we can do this */ > > > > ------->8---------- > > --- Jeremy Shaffner System Administrator JORSM Internet jer@jorsm.com http://www.jorsm.com/~jer/pgp.key To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0005241649220.7700-100000>