On Mon, 2 Feb 1998, Peter van Dijk wrote: > [attic bug report nr. 1] > > While fooling around a little with NIS/YP (didn't get it completely > working...) I ran into a bug in the imapd and ipop3d that come with > slackware 3.4 (if you install the pine package). > Earlier slackware versions will problably NOT suffer from this bug, > because they did not include shadowing. > > When fed an unknown username, imapd and ipop3d will dump core: [exploit snipped] Slackware 3.3 includes does include shadowing. Apparently, the stock ipop3d is not vunerable, but imapd is. thumper:/$ telnet thumper 110 Trying 127.0.0.1... Connected to thumper.woods.com. Escape character is '^]'. +OK thumper POP3 Server (Version 1.005h) ready at <Sun Feb 01 23:09:25 1998> user root +OK please send PASS command pass linux -ERR invalid usercode or password, please try again user john +OK please send PASS command pass doe -ERR invalid usercode or password, please try again quit +OK arthur POP3 Server (Version 1.005h) shutdown. Connection closed by foreign host. thumper:/$ ls -l core /bin/ls: core: No such file or directory thumper:/$ thumper:/$ telnet thumper imap2 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. * OK thumper.woods.com IMAP2bis Service 7.8(100) at Sun, 1 Feb 1998 23:15:45 -0800 (PST) A001 LOGIN root linux A001 NO Bad LOGIN user name and/or password A002 LOGIN john doe Connection closed by foreign host. thumper:/$ ls -l core -rw------- 1 root root 282624 Feb 1 23:16 core thumper:/$ -- David Griffith dgriffiat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:41:17 PDT