[7597] in bugtraq
Re: Solaris 2.4 pop buffer overrun
daemon@ATHENA.MIT.EDU (Alan Thew)
Mon Aug 10 16:21:12 1998
Date: Mon, 10 Aug 1998 17:16:49 +0100
Reply-To: Alan Thew <Alan.Thew@LIVERPOOL.AC.UK>
From: Alan Thew <Alan.Thew@LIVERPOOL.AC.UK>
X-To: Julio Casal <julio.casal@SERVICOM.ES>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <3.0.32.19980810102546.0309cdd8@pop.mad.servicom.es>
This looks like SIMS 1.0/2.0 which has imap4/pop3 and was available for
solaris 2.5.1 and lower....
--
Alan Thew alan.thew@liverpool.ac.uk
Computing Services,University of Liverpool Fax: +44 151 794-4442
On Mon, 10 Aug 1998, Julio Casal wrote:
>>uhhh... since when does sun have its own pop3 daemon??
>>
>
>It may not be shipped with Solaris 2.4, sorry about that, but SUNWpop exists,
>I think it came as an extra with first Netra servers. I've seen it in some
>installations by Sun.
>
>Julio.
>
>
>>On 05-Aug-98 Julio Casal wrote:
>>> An old one I guess known but I never saw it in the list:
>>>
>>> Solaris 2.4 popper has an overflow in the username explotaible obviously
>>> as root.
>>> It's also easy to get root's shadow entry in the core dumped just
>failing to
>>> log as root before overruning the username.
>>>
>>> Cheers,
>>> Julio.
>>
>>
>>
>>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>>Daniel Leeds Systems Administrator
>>dleeds@dfacades.com DigitalFacades
>>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>>
>
