| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed Jun 8 19:32:07 2005 From: dave at immunitysec.com (Dave Aitel) Subject: IpSwitch IMAP Server LOGON stack overflow nolimit@...eiso.org wrote: >Hello dave, thanks for the reply. Feels good to have an established name in the security field >comment on my exploit as artwork :) > >I did consider going after the STATUS overflow. This is the one you were talking about right? The >only downside is you need legit credentials for the mailserver first. While It's not too difficult >to brute force one, It just seemed easier to start on the LOGON one. As far as exploit writing >difficulty level, STATUS would have indeed been easier :> > >nolimit > > > Perhaps I'm thinking of something else entirely, but looking here: http://www.idefense.com/application/poi/display?id=243&type=vulnerabilities I see them refering to the second bug, which is the one I wrote up for CANVAS. You can pretty much auto-generate this without even loading ollydbg. -dave
Powered by blists - more mailing lists