|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Buffer overflow in Dovecot or OpenSSL?
From: 3APA3A (3APA3A
SECURITY.NNOV.RU)
Date: Wed Apr 09 2003 - 07:38:15 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Dear Timo Sirainen,
You're right, the fact EIP points inside the stack should indicate large
problems. But the string at EIP doesn't look to be shellcode or it's
part. How many entries do you have in the log? Do you have stackdump?
--Tuesday, April 8, 2003, 11:39:23 PM, you wrote to vuln-devsecurityfocus.com:
TS> I saw a disturbing message today:
TS> PAX: terminating task: /usr/local/libexec/dovecot/imap-login(imap-login):13964, uid/euid: 102/102, EIP: 5D0CB8B8, ESP: 5D0CB82C
TS> PAX: bytes at EIP: d8 b8 0c 5d 25 14 05 08 f8 9e 06 08 01 00 00 00 20 ca 04 08
--
~/ZARAZA
Впрочем, важнее всего - алгоритм! (Лем)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]