Bugtraq mailing list archives
Re: Linux imapd remote vunerability.
From: inter () BLUE MISNET COM (inter)
Date: Wed, 25 Jun 1997 01:54:29 -0500
I was waiting for something like this, a typical buffer overflow. I am not sure, however, if it exists in Slackware (most Slackware boxes I have seen don't even have imapd running by default). Anyhow, RedHat 4.1 and under are exploitable. Just kill imapd, no real point in running it anyhow.

On Tue, 24 Jun 1997 so1o () INSECURITY ORG wrote:
Hi,

This may be really old news, but I haven't seen it here on BugTraq...

Linux systems running the imapd server daemon can be remotely exploited in a way that an attacker can gain root access to the system by changing the root password field to be blank. I am not sure on the EXACT details of this hole, and so I don't know the imapd versions that can be exploited in this way.

I have enclosed the ONLY source for this exploit that I can find anywhere. I have heard there are a lot of other versions, including one that spawns a root shell. I have this exploit in a precompiled version which I can safely say works (I have only tested it on a Red Hat machine), but I cannot obtain the source at this point for any other versions of the remote exploit code.
Well, it's a buffer overflow, so anything stuck in the code will run as root.

---Cut Code---

I believe even BSDI 3.0 runs the same version of imapd as is installed in the RedHat Linux versions. BSDI 3.0 admins might want to check to see if they are running imapd. I believe imapd is running by default on RedHat Linux as well as BSDI servers.

Welp, that's my 2 cents.

Kirby Boteler AISC