Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight

From: Mark Crispin (MRCat_private)
Date: Fri Apr 09 1999 - 09:18:15 PDT

Next message: dreamerat_private: "New Novell Remote.NLM Password Decryption Algorithm with Exploit"

Previous message: Mark Crispin: "Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight"
Next in thread: Olaf Kirch: "Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

ipop3d 3.3(20) and imapd 7.8(100) are both several years old.  The security
problems in those versions were published years ago.  Those bugs were also
fixed years ago.  What is your point?

On Fri, 9 Apr 1999 13:09:01 +0200 (MET DST), M.C.Mar wrote:
> ALL ABOVE IS TRUE ONLY FOR PINE, NOT FOR PINE COMPOONENTS (as ipop3d or
> imap, which is also vulnerable to semilocal buffer overflow that allows
> any user to read /etc/shadow). I tryed to explit pine, ipop3d [POP3
> 3.3(20) w/IMAP2 client (Comments to MRCat_private)] and imap
> [IMAP2bis Service 7.8(100)].
>
> 1) I could not execute any code using pine although gdb shows I
>    overwrited stack ret and ip register points to what I want.
> 2) I could read /etc/shadow exploiting ipop3d.
> 3) I could read /etc/shadow exploiting imap.

Next message: dreamerat_private: "New Novell Remote.NLM Password Decryption Algorithm with Exploit"
Previous message: Mark Crispin: "Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight"
Next in thread: Olaf Kirch: "Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:41:54 PDT