[29274] in bugtraq
Re: QPopper 4.0.x buffer overflow vulnerability
daemon@ATHENA.MIT.EDU (Jaroslaw Zachwieja)
Wed Mar 12 12:45:21 2003
From: Jaroslaw Zachwieja <grok@tnt.pl>
To: bugtraq@securityfocus.com
Date: Wed, 12 Mar 2003 13:19:51 +0000
In-Reply-To: <20030310143133.GB1086@dereference.de>
MIME-Version: 1.0
Content-Type: Text/Plain;
charset="iso-8859-2"
Content-Description: clearsigned data
Content-Disposition: inline
Message-Id: <200303121319.51327.grok@tnt.pl>
Content-Transfer-Encoding: 8bit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On pon 10. marca 2003 14:31, Florian Heinz wrote:
> http://nstx.dereference.de/snippets/qex.c
> Feedback is welcome.
Enforcing TLS/SSL is a temprorary workaround against script-kiddies -
exploit (out-of-the-box) will not be able to authenticate.
(there is a user foobar, with passwd "lalala" on the system)
$ ./qex rootbox foobar lalala
Phase 1: Seeking buffer size
Connecting to xxx.xxx.xxx.xxx... Logging in... Could not log in. Did you
provide a valid username/password-combination?
Exiting due to error...
that's becouse:
$ telnet 0 110
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
+OK ready
user foobar
- -ERR [AUTH] You must use TLS/SSL or stronger authentication such as APOP to
connect to this server
quit
Not a fix, but who sends plaintext passwords anyway :) Unfortunately, I
must assume, that at some point some "friendly" soul will equip qex with
TLS/SSL.
What is the vendor response on that?
- --
grok
GPG public key at http://www.keyserver.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+bzP3ANulANzEW40RArDsAJ43VBZhYJXdhWsyGXT59LfwbJkH8wCgs+FW
8g4LLzXZ/D71rkaVjDRBR0c=
=CVSC
-----END PGP SIGNATURE-----
