| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <42A739A1.3090006@immunitysec.com> Date: Wed, 08 Jun 2005 14:32:01 -0400 From: Dave Aitel <dave@...unitysec.com> To: nolimit@...eiso.org Cc: Full-Disclosure@...ts.grok.org.uk, vulnwatch@...nwatch.org, bugtraq@...urityfocus.com Subject: Re: IpSwitch IMAP Server LOGON stack overflow nolimit@...eiso.org wrote: >Hello dave, thanks for the reply. Feels good to have an established name in the security field >comment on my exploit as artwork :) > >I did consider going after the STATUS overflow. This is the one you were talking about right? The >only downside is you need legit credentials for the mailserver first. While It's not too difficult >to brute force one, It just seemed easier to start on the LOGON one. As far as exploit writing >difficulty level, STATUS would have indeed been easier :> > >nolimit > > > Perhaps I'm thinking of something else entirely, but looking here: http://www.idefense.com/application/poi/display?id=243&type=vulnerabilities I see them refering to the second bug, which is the one I wrote up for CANVAS. You can pretty much auto-generate this without even loading ollydbg. -dave _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists