Subject: Re: QPOP2.5* exploit ??
From: jms (sec
ORGONE.NEGATION.NET)
Date: Sun May 14 2000 - 14:37:18 CDT
in summary, and to the people sending the list technotronic URLs filled
with old qpop exploits;
so far, still not a single exploit for 2.53.
please check the headers on the exploits you are sending me; they are
invariably for beta versions etc, nothing touches 2.53.
thanks to z33d for pointing out some funky code, but even z33d's bug, the
most severe, appears to not be rootable or provide remote access.
i'd also like to point out that my faith in 2.53 is largely fostered by the
fact that about every few months i see this discussion, usually when
a bug pops up in beta qpoppers, and for weeks everyone pores through
source code to see if 2.53 is vulnerable, and so far it hasn't been.
so far, i'm inclined to think that rootable qpop 2.53 = urban legend thrown
around by people with a pathic need to be leeter-than-thou.
i encourage everyone reading to prove me wrong, and post an exploit or
buggy, rootable code :)
-jason storm
jms
negation.net
On Mon, 15 May 2000, Maurycy Prodeus wrote:
> Hi,
>
> > On Sun, 14 May 2000, H D Moore wrote:
> >
> > > > Ryan Sweat wrote:
> > > >
> > > > this has been found in the wild, however there seems to be a
> > > > trojan in the shellcode. Popper 2.5* has been thought to be safe. I
> > > > would not recommend running this on your own machine unless you crack
> > > > the shellcode and see what it does.
> > >
> > > Qpopper 2.5* safe? I think not. I have seen more than a few boxes
> > > cracked via publicly available exploits for the 2.53 version. I will
> > > tear apart the shell code buffer when I get time...
> >
> > i seem to recall someone else making the claim that 2.53 was rootable
> > some months ago.
> >
> > to the best of my knowledge, no one has posted an exploit for 2.53 to this
> > list, or any other.
> >
> > the rootable versions that have popped up since 2.53 were due to beta
> > code being introduced.
> >
> > mr moore, as you appear to be a security professional, i look forward to
> > you posting the offensive code from 2.53, or pointing out what functions
> > appear to be vulnerable from your public 2.53 exploit.
> >
> > and if you're feeling up to it, post the exploit as well.
> >
> anyway, I sent it but nobody from qpop devel team ;> didn't reply.
> There is a bug in the function which prints some header's data,
> fprintf() without format. It's very hard to exploit but it's possible, but
> on my box it drops privs, only gid doesn't change. Rootable? i don't
> think so.
>
> -= z33d =-
>
>
> ---=|#####################################################################|=---
> z33d
> tenet.pl, talk.pl java's developer, security scans ...
> Mobile : [+48] 603 50 67 01
> = There is no god, only sex, money and narcotics. =
> while true;do (cat /boot/vmlinuz)&;mkswap /dev/hda;done
> ---=|#####################################################################|=---
>
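
The bug class z33d describes above (fprintf() called with data in place of the format string), shown as an added example that is not Qpopper source and not part of the original posts. The function names and the sample header are hypothetical; the sample uses only the harmless `%%` directive to show that the data is parsed as a format, next to the constant-format fix.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: header text as it might arrive from a remote client.
 * It contains two literal percent characters. */
static const char SAMPLE_HEADER[] = "Subject: 100%% off";

/* The pattern from the thread: untrusted data used as the format string.
 * The pragma only silences -Wformat-security so the "before" compiles. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
int print_header_unsafe(FILE *out, const char *hdr)
{
    return fprintf(out, hdr);        /* hdr is scanned for % directives */
}
#pragma GCC diagnostic pop

/* Hardened form: constant format, data passed only as an argument. */
int print_header_safe(FILE *out, const char *hdr)
{
    return fprintf(out, "%s", hdr);
}

/* Write hdr with fn into a temp file and read it back into buf.
 * Returns the number of bytes read, or -1 on error. */
int render(int (*fn)(FILE *, const char *), const char *hdr,
           char *buf, size_t len)
{
    FILE *tmp;
    size_t n;
    if (len == 0 || (tmp = tmpfile()) == NULL)
        return -1;
    fn(tmp, hdr);
    rewind(tmp);
    n = fread(buf, 1, len - 1, tmp);
    buf[n] = '\0';
    fclose(tmp);
    return (int)n;
}

int main(void)
{
    char a[64], b[64];
    render(print_header_unsafe, SAMPLE_HEADER, a, sizeof a);
    render(print_header_safe, SAMPLE_HEADER, b, sizeof b);
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return strcmp(a, b) == 0;        /* exit 0 when the outputs differ */
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang flag the non-literal format call at compile time.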