[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] IpSwitch IMAP Server LOGON stack overflow

To: <dave@xxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] IpSwitch IMAP Server LOGON stack overflow
From: <nolimit@xxxxxxxxxxx>
Date: Wed, 8 Jun 2005 16:55:33 -0400

Ah, you refer to this one.
"The first vulnerability specifically exists in the handling of a long 
username to the LOGIN command. A long username argument of approximately 
2,000 bytes will cause a stack based unicode string buffer overflow 
providing the attacker with partial control over EIP. As this 
vulnerability is in the LOGIN command itself, valid credentials are not 
required. "

Later it reads 
"The second vulnerability also exists in the handling of the LOGIN 
command username argument, however it lends itself to easier 
exploitation."

I guess I shouldn't have trusted this statement :) 
Perhaps I'll take a look at this one next, or just use your CANVAS example :)
Cheers
nolimit

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: Re: [Full-disclosure] IpSwitch IMAP Server LOGON stack overflow
Next by Date: Re: [Full-disclosure] Re: Exploits Selling / Buying
Previous by thread: Re: [Full-disclosure] IpSwitch IMAP Server LOGON stack overflow
Next by thread: [Full-disclosure] FW: OWASP SoCal Chapter - New Mailing List
Index(es):
- Date
- Thread