Bugtraq archives for 4th quarter (Oct-Dec) 1997: Re: L0pht Advisory: IMAP4rev1 imapd server

Re: L0pht Advisory: IMAP4rev1 imapd server

Marc Slemko (marcsZNEP.COM)
Wed, 8 Oct 1997 17:45:05 -0600

On Wed, 8 Oct 1997, We got Food - Fuel - Ice-cold Beer - and X.509 certificates wrote:

> Scenario:
>
>   It is possible to crash the imapd server in several possible places.
>   Due to the lack of handling for the SIGABRT signal and the nature
>   of the IMAP protocol in storing folders locally on the server; a core dump
>   is produced in the user's current directory. This core dump contains the
>   password and shadow password files from the system.

It should be noted that this only works on systems that allow a
process that has changed UIDs since the last exec to core dump.

Some, such as FreeBSD (and OpenBSD I would guess, and a dozen
others), don't for exactly this reason.  The same thing came
up with ftpd a while back.