[7105] in bugtraq
Re: qpush: qpopper exploit source
daemon@ATHENA.MIT.EDU (Herbert Rosmanith)
Mon Jun 29 17:54:52 1998
Date: Mon, 29 Jun 1998 23:19:44 +0200
Reply-To: Herbert Rosmanith <herp@WILDSAU.IDV-EDU.UNI-LINZ.AC.AT>
From: Herbert Rosmanith <herp@WILDSAU.IDV-EDU.UNI-LINZ.AC.AT>
To: BUGTRAQ@NETSPACE.ORG
dear listmembers,
unfortunately, I've forgotten to add some information about the environment
'qpush' runs. let me do that now:
o target architecture: that's the architecture where popper runs.
this must be ix86-linux. will not work on FreeBSD or any other os.
o 'local' architecture: that's the program to run 'qpush' on.
this can be anything you want, but mind that on other systems
than linux, you may have to add header files and/or libraries.
don't forget to byte-swap (ntohl()) the addrlist entries on
big endian machines.
o debian QPOP v2.2 seems to be immune to 'qpush'?
o if you have compiled popper yourself, the return addresses in
"addrlist" may not match your binary. try altering these addresses.
o 'qpush' at least works for suse-linux qpopper v2.2 (same binary
everywhere). suse has been mailed about that.
o I've checked qpush with several homebrewed binaries and found that
    long addrlist[]={
        0xbfffeee4, /*2.2*/
        0xbfffeb80  /*2.41beta1*/
    };
will work better than the "0xbfffec18 /*2.41beta1*/"
before.
best regards,
herbert rosmanith
herp@wildsau.idv.uni-linz.ac.at