Re: imap and popper

Alan Cox (alan@lxorguk.ukuu.org.uk)
Tue, 1 Dec 1998 16:29:03 +0000 (GMT)


>
> Nov 28 07:29:26 cpu1769 popper[8585]: @ip182.tucson6.az.pub-ip.psi.net: -ERR POP EOF received
> Nov 28 07:29:29 cpu1769 popper[8586]: [truncated] @ip182.tucson6.az.pub-ip.psi.net: -ERR Unknown command: "^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P

Classic buffer overrun attack against the old old imapd. If you were running
the ones from the vendor errata you wouldn't have gotten hit.

BTW: ^P^P^P^P^P^P.... is a very good sign of being a buffer overrun. It's
the 7-bit ASCII for

nop
nop
nop
nop
...

and is being used to pad the buffer and provide a bigger target area
for the overrun of the return address.

Alan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
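Added example, not part of the original message: a small log scanner that flags the pattern described above, long runs of `^P` in syslog output, by decoding caret notation to the 7-bit control byte and comparing it with the x86 NOP opcode (0x90) with the high bit stripped. The function names, the run-length threshold of 16 and the sample log lines are assumptions constructed for this illustration.

```python
import re

X86_NOP = 0x90   # one-byte x86 NOP opcode
MIN_RUN = 16     # assumed threshold: shorter runs are treated as noise

# Caret notation as it appears in the log: "^P" stands for control byte 0x10.
# Match one "^<char>" pair followed by repeats of the same pair.
REPEATED = re.compile(r"(\^[@-_?])\1+")


def caret_to_byte(ch):
    """Return the 7-bit control byte that caret notation '^<ch>' denotes."""
    return 0x7F if ch == "?" else ord(ch) ^ 0x40


def scan_line(line, min_run=MIN_RUN):
    """Return the lengths of repeated control-byte runs that look like NOP padding."""
    runs = []
    for m in REPEATED.finditer(line):
        run = len(m.group(0)) // 2            # each byte is logged as two characters
        low7 = caret_to_byte(m.group(1)[1])
        # A logger that keeps only 7 bits shows 0x90 as 0x10, which prints as ^P.
        if run >= min_run and low7 == (X86_NOP & 0x7F):
            runs.append(run)
    return runs


def scan_log(lines, min_run=MIN_RUN):
    """Return (line_number, longest_run) for every line that contains a hit."""
    hits = []
    for number, line in enumerate(lines, start=1):
        runs = scan_line(line, min_run)
        if runs:
            hits.append((number, max(runs)))
    return hits


# Constructed sample input (hostnames, PIDs and timestamps are made up).
PREFIX = "Jan  1 00:00:0%d mailhost popper[10%d]: @client.example.net: -ERR "
SAMPLE_LOG = [
    PREFIX % (1, 0) + "POP EOF received",
    PREFIX % (2, 1) + 'Unknown command: "' + "^P" * 40 + '"',   # padding-like run
    PREFIX % (3, 2) + 'Unknown command: "^P^Pfoo"',             # below threshold
    PREFIX % (4, 3) + 'Unknown command: "' + "^A" * 40 + '"',   # long run, not NOP
]

if __name__ == "__main__":
    for number, run in scan_log(SAMPLE_LOG):
        print(f"line {number}: {run} consecutive ^P bytes (0x90 with high bit stripped)")
```

A hit only says the request carried NOP-like padding; whether the daemon was vulnerable still depends on the installed version.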