Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security VulnWatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] IpSwitch IMAP Server LOGON stack overflow

from [Dave Aitel] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] IpSwitch IMAP Server LOGON stack overflow
Date: Wed, 08 Jun 2005 14:32:01 -0400 
nolimit@coreiso.org wrote:

Hello dave, thanks for the reply. Feels good to have an established name in the 
security field
comment on my exploit as artwork :)

I did consider going after the STATUS overflow. This is the one you were 
talking about right? The
only downside is you need legit credentials for the mailserver first. While 
It's not too difficult
to brute force one, It just seemed easier to start on the LOGON one. As far as 
exploit writing
difficulty level, STATUS would have indeed been easier :>

nolimit



Perhaps I'm thinking of something else entirely, but looking here: http://www.idefense.com/application/poi/display?id=243&type=vulnerabilities I see them refering to the second bug, which is the one I wrote up for CANVAS. You can pretty much auto-generate this without even loading ollydbg.

-dave

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] IpSwitch IMAP Server LOGON stack overflow, Dave Aitel
Next by Date:  Re: [Full-disclosure] IpSwitch IMAP Server LOGON stack overflow, nolimit
Previous by Thread:  Re: Re: [Full-disclosure] IpSwitch IMAP Server LOGON stack overflow, nolimit
Next by Thread:  [VulnWatch] leafnode security announcement leafnode-SA-2005-02 (CAN-2005-1911), Matthias Andree
Indexes:  [Date] [Thread] [Top] [All Lists]