Re: Buffer overflow in Dovecot or OpenSSL?

From: 3APA3A (3APA3A@SECURITY.NNOV.RU)
Date: 04/09/03

  • Next message: Timo Sirainen: "Re: Buffer overflow in Dovecot or OpenSSL?"
    Date: Wed, 9 Apr 2003 16:38:15 +0400
    From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
    To: Timo Sirainen <tss@iki.fi>
    
    

    Dear Timo Sirainen,

    You're right, the fact EIP points inside the stack should indicate large
    problems. But the string at EIP doesn't look to be shellcode or it's
    part. How many entries do you have in the log? Do you have stackdump?

    --Tuesday, April 8, 2003, 11:39:23 PM, you wrote to vuln-dev@securityfocus.com:

    TS> I saw a disturbing message today:

    TS> PAX: terminating task: /usr/local/libexec/dovecot/imap-login(imap-login):13964, uid/euid: 102/102, EIP: 5D0CB8B8, ESP: 5D0CB82C
    TS> PAX: bytes at EIP: d8 b8 0c 5d 25 14 05 08 f8 9e 06 08 01 00 00 00 20 ca 04 08

    -- 
    ~/ZARAZA
    Впрочем, важнее всего - алгоритм!  (Лем)
    

  • Next message: Timo Sirainen: "Re: Buffer overflow in Dovecot or OpenSSL?"

    Relevant Pages

    • Re: Buffer overflow in Dovecot or OpenSSL?
      ... the fact EIP points inside the stack should indicate large ... Shellcode could have been before or after it, because of stack base ... or just that it was some random bug that triggered the first ...
      (Vuln-Dev)
    • Re:WinAmp POC: How to get 900+ shellcodespace!?
      ... I tried to add a validcda:// string before the overflowing ... The result is the following in the stack: ... over 900 bytes shellcode space!!! ...
      (Bugtraq)