In July 2005, a buffer overflow vulnerability was discovered in Windtop BBS, a bulletin board system derived from Maple-3. The vulnerability can be exploited in both Linux and FreeBSD environments, allowing unauthorized access to system resources. The affected code is the cmd_user function, which does not correctly validate user input. The slides point to documentation on writing the exploit and describe Windtop BBS as easy to install and user-friendly. Developers are urged to apply the necessary patches to counter this exploit.
Windtop bpop3d Vulnerability
timhsu @ chroot.org
July 2005

Windtop BBS
• BBS developed from Maple-3
• Easy to install and user-friendly

Buffer overflow

    static void
    cmd_user(cn)
      Client *cn;
    {
      int fd;
      ACCT acct;
      char *userid, *ptr, fpath[80], msg[128];

      MYDOG;

      if (cn->mode >= CM_LOGIN)
      {
        cmd_xxxx(cn);
        return;
      }

      userid = parse_token(NULL, LOWER);
      if (!userid || !*userid)
      {
        do_argument(cn);
        return;
      }

      /* userid is copied into the 128-byte msg[] with no length limit */
      sprintf(msg, "-ERR %s has no mail here", userid);

RCVBUFSIZ
• Maple-3
    #define SNDBUFSIZ (256 * 14)
    #define SNDLINSIZ 256 /* Thor.990522: Note: maximum length of each line sent */
    #define RCVBUFSIZ 128 /* Thor.990522: Note: maximum length of each line received */
• Windtop
    #define SNDBUFSIZ (256 * 32)
    #define SNDLINSIZ (1024)
    #define RCVBUFSIZ (1024)
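
The mismatch between the 1024-byte receive line and the 128-byte msg[] can be measured and closed with a bounded formatter. The following is an added example, not Windtop or Maple-3 source; bytes_needed, format_no_mail and the MAX_USERID limit are hypothetical names, and it assumes the token returned by parse_token can be as long as the receive line.

```c
/* Added example, not Windtop or Maple-3 source. */
#include <stdio.h>
#include <string.h>

#define RCVBUFSIZ  1024  /* Windtop value from the slide */
#define MSGSIZ     128   /* size of msg[] in cmd_user */
#define MAX_USERID 12    /* assumed account-name limit (hypothetical) */

#define NO_MAIL_FMT "-ERR %s has no mail here"

/* Bytes, including the NUL, that sprintf(msg, NO_MAIL_FMT, userid) writes. */
static size_t bytes_needed(const char *userid)
{
    int n = snprintf(NULL, 0, NO_MAIL_FMT, userid);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Bounded replacement for the sprintf call: 0 on success, -1 if rejected. */
static int format_no_mail(char *msg, size_t msgsz, const char *userid)
{
    int n;

    if (!userid || !*userid || strlen(userid) > MAX_USERID)
        return -1;                  /* validate before formatting */
    n = snprintf(msg, msgsz, NO_MAIL_FMT, userid);
    if (n < 0 || (size_t)n >= msgsz)
        return -1;                  /* output would not fit: treat as error */
    return 0;
}

int main(void)
{
    char token[RCVBUFSIZ], msg[MSGSIZ];

    /* Constructed input: upper bound on token length for a 1024-byte line. */
    memset(token, 'a', sizeof token - 1);
    token[sizeof token - 1] = '\0';

    printf("msg[] holds %d bytes, sprintf would write %zu\n",
           MSGSIZ, bytes_needed(token));
    printf("long token: %d\n", format_no_mail(msg, sizeof msg, token));
    if (format_no_mail(msg, sizeof msg, "guest") == 0)
        printf("short token: %s\n", msg);
    return 0;
}
```

The fixed text of the reply takes 22 bytes, so any token longer than 105 bytes no longer fits in msg[128] together with its terminating NUL.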

Exploit
• http://www.chroot.org/docs/2004/writing_remote_exploit.pdf
• The exploit works on both Linux and FreeBSD
• Tested successfully on my VMware
• The exploit will be released after Windtop fixes the bug.

Thank You ~ END ~