[7096] in bugtraq
Re: More problems with QPOPPER -
daemon@ATHENA.MIT.EDU (Bruno Lopes F. Cabral)
Mon Jun 29 13:09:52 1998
Date: Mon, 29 Jun 1998 08:50:00 -0300
Reply-To: "Bruno Lopes F. Cabral" <bruno@OPENLINE.COM.BR>
From: "Bruno Lopes F. Cabral" <bruno@OPENLINE.COM.BR>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.95.980628202454.13116A-100000@Noldor> from "John
Fraizer" at Jun 28, 98 08:32:00 pm
Hi there
> After applying all the patches with exception of the PAM patch in the
> .RPM'd version of qpopper2.4.src, I have located yet another hole in qpopper.
>
> This popper was compiled with -DAUTH in the makefile.
[examples snipped]
> Then, I decided to try a VALID username:
>
> [OverKill]:/$ telnet localhost pop3
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> +OK QPOP (version 2.4) at Victim.Com starting.
> user valid
> +OK Password required for valid.
> pass [long line of X truncated]
> Connection closed by foreign host.
>
> It segfaulted and dumped core.
seems the pam patches protect this, because here (I use pam) it didn't work
$ telnet poor.victim.com 110
Trying poor.victim.ip.address...
Connected to poor.victim.com.
Escape character is '^]'.
+OK QPOP (version 2.4) at poor.victim.com starting.
user valid
+OK Password required for valid.
pass [long line of X striped]
-ERR Password supplied for "valid" is incorrect.
+OK Pop server at poor.victim.com signing off.
Connection closed by foreign host.
and the attempt was logged (although not different from a "normal" one)
Jun 29 08:42:29 poor in.qpopper[4612]: valid@poor.victom.com: -ERR Password supplied for "poor" is incorrect.
Jun 29 08:42:29 poor in.qpopper[4612]: Failed attempted login to poor from host poor.victim.com
> Looks like basically that if the parser sees that the command was actually
> a password argument, it doesn't send it through the truncate code.
I didn't looked into but I suspect the PAM patches change the default
of -DAUTH. BTW qpopper development seems halted. does any of you
contacted quallcom about these problems?
!3runo
