Re: Solaris 2.4 pop buffer overrun

• Previous message: Julio Casal: "Re: Solaris 2.4 pop buffer overrun"
• Maybe in reply to: Julio Casal: "Solaris 2.4 pop buffer overrun"
• Next in thread: Alan Thew: "Re: Solaris 2.4 pop buffer overrun"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>uhhh...  since when does sun have its own pop3 daemon??
>

It may not be shipped with Solaris 2.4, sorry about that, but SUNWpop exists,
I think it came as an extra with first Netra servers. I've seen it in some
installations by Sun.

Julio.


>On 05-Aug-98 Julio Casal wrote:
>> An old one I guess known but I never saw it in the list:
>>
>> Solaris 2.4 popper has an overflow in the username explotaible obviously
>> as root.
>> It's also easy to get root's shadow entry in the core dumped just
failing to
>> log as root before overruning the username.
>>
>> Cheers,
>> Julio.
>
>
>
>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>Daniel Leeds                          Systems Administrator
>dleedsat_private                          DigitalFacades
>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>

• Next message: Jim Hebert: "Re: A way to prevent buffer overflow exploits? (was: "Any user can"
• Previous message: Julio Casal: "Re: Solaris 2.4 pop buffer overrun"
• Maybe in reply to: Julio Casal: "Solaris 2.4 pop buffer overrun"
• Next in thread: Alan Thew: "Re: Solaris 2.4 pop buffer overrun"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:11:51 PDT