Re: imap and popper

Alan Cox
Tue, 1 Dec 1998 16:29:03 +0000 (GMT)

> Nov 28 07:29:26 cpu1769 popper[8585]: -ERR POP EOF received
> Nov 28 07:29:29 cpu1769 popper[8586]: [truncated] -ERR Unknown command: "^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P

Classic buffer overrun attack against the old old imapd. If you were running
the ones from the vendor errata you wouldn't have gotten hit.

BTW: ^P^P^P^P^P^P.... is a very good sign of being a buffer overrun. It's
the 7-bit ASCII for


and is being used to pad the buffer and provide a bigger target area
for the overrun of the return address.
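
The log signature described above can be checked for mechanically. The following is an added example, not part of the original message: it scans syslog lines for a long run of one repeated control character in caret notation. The 16-repetition threshold, the function names and the sample lines (host `mailhost`) are assumptions constructed for illustration.

```python
import re
from typing import Iterable, List, NamedTuple, Optional

MIN_RUN = 16  # assumed threshold for a "long" run; tune against your own logs

# Classic syslog line: "Mon DD HH:MM:SS host prog[pid]: message"
SYSLOG = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
    r"(?P<prog>[\w.-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# One caret-notation control character (^@ .. ^_ or ^?) repeated MIN_RUN+ times.
CARET_RUN = re.compile(r"(\^[@-_?])\1{%d,}" % (MIN_RUN - 1))


class Hit(NamedTuple):
    timestamp: str
    host: str
    program: str
    pid: int
    byte: int        # control byte behind the caret pair, e.g. ^P -> 0x10
    run_length: int  # number of repetitions in the run


def caret_to_byte(pair: str) -> int:
    """Map caret notation back to its byte: '^P' -> 0x10, '^?' -> 0x7f."""
    return 0x7F if pair[1] == "?" else ord(pair[1]) ^ 0x40


def scan_line(line: str) -> Optional[Hit]:
    m = SYSLOG.match(line.rstrip("\n"))
    run = CARET_RUN.search(m["msg"]) if m else None
    if run is None:
        return None
    return Hit(m["ts"], m["host"], m["prog"], int(m["pid"]),
               caret_to_byte(run.group(1)), len(run.group(0)) // 2)


def scan(lines: Iterable[str]) -> List[Hit]:
    return [hit for hit in map(scan_line, lines) if hit is not None]


# Constructed sample input, modelled on the log excerpt quoted in the message.
SAMPLE = [
    "Nov 28 07:29:26 mailhost popper[8585]: -ERR POP EOF received",
    'Nov 28 07:29:29 mailhost popper[8586]: -ERR Unknown command: "' + "^P" * 40 + '"',
    'Nov 28 07:30:02 mailhost popper[8590]: -ERR Unknown command: "^C^C"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(f"{hit.timestamp} {hit.program}[{hit.pid}]: byte 0x{hit.byte:02x} x{hit.run_length}")
```

A hit only says that a service logged a padded, oversized command; whether the overrun succeeded has to be judged from the service version and what the host did afterwards.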


