Bugtraq mailing list archives

Re: L0pht Advisory: IMAP4rev1 imapd server


From: marcs () ZNEP COM (Marc Slemko)
Date: Wed, 8 Oct 1997 17:45:05 -0600


On Wed, 8 Oct 1997, We got Food - Fuel - Ice-cold Beer - and X.509 certificates wrote:

Scenario:

  It is possible to crash the imapd server in several possible places.
  Due to the lack of handling for the SIGABRT signal and the nature
  of the IMAP protocol in storing folders locally on the server; a core dump
  is produced in the user's current directory. This core dump contains the
  password and shadow password files from the system.

It should be noted that this only works on systems that allow a
process that has changed UIDs since the last exec to core dump.

Some, such as FreeBSD (and OpenBSD I would guess, and a dozen
others), don't for exactly this reason.  The same thing came
up with ftpd a while back.


