windtop bpop3d vulnerability n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Windtop bpop3d Vulnerability PowerPoint Presentation
Download Presentation
Windtop bpop3d Vulnerability

Loading in 2 Seconds...

play fullscreen
1 / 6

Windtop bpop3d Vulnerability - PowerPoint PPT Presentation


  • 72 Views
  • Uploaded on

Windtop bpop3d Vulnerability. timhsu @ chroot.org. July 2005. Windtop BBS. BBS developed from Maple-3 Easy install and friendly. Buffer overflow. static void cmd_user(cn) Client *cn; { int fd; ACCT acct; char *userid, *ptr, fpath[80], msg[128]; MYDOG;

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Windtop bpop3d Vulnerability' - havily


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
windtop bpop3d vulnerability

Windtop bpop3d Vulnerability

timhsu @ chroot.org

July 2005

windtop bbs
Windtop BBS
  • BBS developed from Maple-3
  • Easy install and friendly
buffer overflow
Buffer overflow

static void cmd_user(cn)

Client *cn;

{

int fd;

ACCT acct;

char *userid, *ptr, fpath[80], msg[128];

MYDOG;

if (cn->mode >= CM_LOGIN)

{

cmd_xxxx(cn);

return;

}

userid = parse_token(NULL, LOWER);

if (!userid || !*userid)

{

do_argument(cn);

return;

}

sprintf(msg, "-ERR %s has no mail here", userid);

rcvbufsiz
RCVBUFSIZ
  • Maple-3
    • #define SNDBUFSIZ (256 * 14)
    • #define SNDLINSIZ 256 /* Thor.990522: 註解: 送出每行最長 */
    • #define RCVBUFSIZ 128 /* Thor.990522: 註解: 收到每行最長 */
  • Windtop
    • #define SNDBUFSIZ (256 * 32)
    • #define SNDLINSIZ (1024)
    • #define RCVBUFSIZ (1024)
exploit
Exploit
  • http://www.chroot.org/docs/2004/writing_remote_exploit.pdf
  • Exploit works on Linux and FreeBSD both
  • Test on my VMware successfully
  • Release the exploit after windtop fix the bug.
slide6

Thank You

~ END ~