Hosting Provided By

Re: Buffer overflow in Dovecot or OpenSSL?

From: 3APA3A <3APA3A(at)SECURITY.NNOV.RU>
Date: Wed Apr 09 2003 - 08:38:15 EDT

You're right, the fact EIP points inside the stack should indicate large problems. But the string at EIP doesn't look to be shellcode or it's part. How many entries do you have in the log? Do you have stackdump?

--Tuesday, April 8, 2003, 11:39:23 PM, you wrote to vuln-dev@securityfocus.com:

TS> I saw a disturbing message today:

TS> PAX: terminating task: /usr/local/libexec/dovecot/imap-login(imap-login):13964, uid/euid: 102/102, EIP: 5D0CB8B8, ESP: 5D0CB82C TS> PAX: bytes at EIP: d8 b8 0c 5d 25 14 05 08 f8 9e 06 08 01 00 00 00 20 ca 04 08

--

~/ZARAZA
Âïðî÷åì, âàæíåå âñåãî - àëãîðèòì! (Ëåì) Received on Wed Apr 9 11:10:18 2003

This message: [ Message body ]
Next message: Timo Sirainen: "Re: Buffer overflow in Dovecot or OpenSSL?"
Previous message: Timo Sirainen: "Re: Buffer overflow in Dovecot or OpenSSL?"
In reply to: Timo Sirainen: "Buffer overflow in Dovecot or OpenSSL?"
Next in thread: Timo Sirainen: "Re: Buffer overflow in Dovecot or OpenSSL?"
Reply: Timo Sirainen: "Re: Buffer overflow in Dovecot or OpenSSL?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:38 EDT

Do you need help?