can someone please try this qmail exploit?
Georgi Guninski
guninski at guninski.com
Tue May 17 03:32:13 PDT 2005
can someone please try a qmail-smtpd remote exploit on freebsd 5.4 amd64?
what is needed:
- freebsd 5.4 amd64
- 13GB virtual memory - ram + swap (probably less will do, not quite sure)
- vanilla djb qmail - http://cr.yp.to/qmail.html (an easy way to
install it is to install qmail from ports, then change "nofiles" to
"qnofiles" in conf-groups and build and install vanilla qmail).
vanilla qmail is important.
how to reproduce:
download the perl proggie:
http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html#qmlong-pubvvv7.pl
(qmlong-pubvvv7.pl)
start it on localhost.
attach a gdb to qmail-smtpd and wait.
if you get:
Program received signal SIGTRAP, Trace/breakpoint trap.
0x000000000050cbac in ?? ()
(gdb) x/i $rip
0x50cbac: int3
(gdb)
then the exploit works.
notes:
a lot of memory is used, so a production machine may be lagged.
on an athlon64 2800+ with 1.5G ram the exploit takes about 1 hour.
it was reported that with 8G ram the exploit takes about 10 minutes.
there are flames on the qmail mailing list if this is a bug or not.
thanks.
--
georgi
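Added example, not part of Georgi's post: a small sh helper that automates the "attach a gdb to qmail-smtpd and wait" step and checks for exactly the success condition he describes (SIGTRAP with an int3 at $rip). The function names are ours. It assumes pgrep(1) is installed, that gdb accepts -batch, -x and -p, and that the qmail-smtpd you attach to is the one serving the exploit's connection (tcpserver forks one qmail-smtpd per connection, so pick the PID by hand if several are running).

```shell
#!/bin/sh
# Added example (ours, not from the post): attach gdb to qmail-smtpd, let it
# run, and decide from gdb's transcript whether the int3 was reached.
# Assumptions: pgrep(1), a gdb with -batch/-x/-p, and mktemp(1) are available.

# gdb_hit_int3 TRANSCRIPT
# Return 0 when a gdb transcript shows the post's success condition:
# "Program received signal SIGTRAP" plus an int3 at the instruction pointer.
gdb_hit_int3() {
    transcript="$1"
    printf '%s\n' "$transcript" | grep -q 'Program received signal SIGTRAP' || return 1
    # the x/i $rip line looks like "0x50cbac:  int3" (newer gdbs prefix "=> ")
    printf '%s\n' "$transcript" | grep -q '0x[0-9a-fA-F]*:[[:space:]]*int3' || return 1
    return 0
}

# watch_qmail_smtpd [PID]
# Attach gdb to a qmail-smtpd process (newest one if no PID is given), resume
# it, and print gdb's transcript once it stops.  Exit status: 0 if the int3
# was hit, 1 if the process stopped for some other reason, 2 on setup errors.
# Like the manual procedure, this blocks until qmail-smtpd actually stops.
watch_qmail_smtpd() {
    pid="$1"
    [ -n "$pid" ] || pid=$(pgrep -n qmail-smtpd 2>/dev/null || true)
    if [ -z "$pid" ]; then
        echo "watch_qmail_smtpd: no qmail-smtpd process found" >&2
        return 2
    fi
    cmds=$(mktemp /tmp/qmail-gdb.XXXXXX) || return 2
    # gdb command file: continue the attached process; when it stops, show
    # the instruction at rip (what the post inspects with "x/i $rip").
    cat >"$cmds" <<'EOF'
continue
x/i $rip
info registers rip
detach
EOF
    out=$(gdb -batch -x "$cmds" -p "$pid" 2>&1)
    rm -f "$cmds"
    printf '%s\n' "$out"
    gdb_hit_int3 "$out"
}
```

Usage: source the file and run `watch_qmail_smtpd` (or `watch_qmail_smtpd PID`) while qmlong-pubvvv7.pl is running against localhost; a zero exit status means gdb saw the SIGTRAP and an int3 at $rip, i.e. the condition the post calls a working exploit.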
More information about the freebsd-amd64 mailing list