Re: Buffer overflow in Dovecot or OpenSSL?
From: 3APA3A (3APA3A@SECURITY.NNOV.RU)
Date: 04/09/03
- Previous message: Timo Sirainen: "Re: Buffer overflow in Dovecot or OpenSSL?"
- In reply to: Timo Sirainen: "Buffer overflow in Dovecot or OpenSSL?"
- Next in thread: Timo Sirainen: "Re: Buffer overflow in Dovecot or OpenSSL?"
- Reply: Timo Sirainen: "Re: Buffer overflow in Dovecot or OpenSSL?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 9 Apr 2003 16:38:15 +0400 From: 3APA3A <3APA3A@SECURITY.NNOV.RU> To: Timo Sirainen <tss@iki.fi>
Dear Timo Sirainen,
You're right, the fact EIP points inside the stack should indicate large
problems. But the string at EIP doesn't look to be shellcode or it's
part. How many entries do you have in the log? Do you have stackdump?
--Tuesday, April 8, 2003, 11:39:23 PM, you wrote to vuln-dev@securityfocus.com:
TS> I saw a disturbing message today:
TS> PAX: terminating task: /usr/local/libexec/dovecot/imap-login(imap-login):13964, uid/euid: 102/102, EIP: 5D0CB8B8, ESP: 5D0CB82C
TS> PAX: bytes at EIP: d8 b8 0c 5d 25 14 05 08 f8 9e 06 08 01 00 00 00 20 ca 04 08
-- ~/ZARAZA Впрочем, важнее всего - алгоритм! (Лем)
- Previous message: Timo Sirainen: "Re: Buffer overflow in Dovecot or OpenSSL?"
- In reply to: Timo Sirainen: "Buffer overflow in Dovecot or OpenSSL?"
- Next in thread: Timo Sirainen: "Re: Buffer overflow in Dovecot or OpenSSL?"
- Reply: Timo Sirainen: "Re: Buffer overflow in Dovecot or OpenSSL?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
