Bugtraq mailing list archives
Re: Squirrelmail Chpasswod bof
From: p dont think <pdontthink () angrynerds com>
Date: Mon, 26 Apr 2004 17:20:13 -0700
All,Replying to this thread using the web interface didn't seem to work at all, so... Please excuse me effectively starting the thread over, but wanted to make sure a follow-up got posted to the list. See:
http://www.securityfocus.com/archive/1/360547/2004-04-14/2004-04-20/2 > Hi all > > There is a boffer over flow in the chpasswd binary, distributed with > the plugin. This allow to local's user to execute commands as a root.This problem (and several others that were really needing to be fixed) has been resolved and a new version of this plugin is available at the link below. Obviously, it is highly recommended that anyone using this plugin upgrade immediately.
http://www.squirrelmail.org/plugin_view.php?id=117Matias, next time please contact the plugin authors, any of the SquirrelMail mailing lists, SquirrelMail IRC, or other SquirrelMail developers before posting.
Thanks, Paul > ---:::Prott:::--- > root@orco:/mnt/hosting/hack/bof# su webmaster > webmaster@orco:/mnt/hosting/hack/bof$ ./exploit 166 5555 99999 > Using address: 0xbfffe325 > bash-2.05b$ ./chpasswd $RET asdf asdf > The new password is equal to old password. Choose another password. > sh-2.05b# id > uid=0(root) gid=3(sys) groups=500(webmaster) > sh-2.05b# > ---:::end:::--- > > Bye all
Current thread:
- Squirrelmail Chpasswod bof Matias Neiff (Apr 17)
- Re: Squirrelmail Chpasswod bof Jonathan Angliss (Apr 19)
- Re: Squirrelmail Chpasswod bof martin f krafft (Apr 19)
- <Possible follow-ups>
- Re: Squirrelmail Chpasswod bof Peter Geissler (Apr 19)
- Re: Squirrelmail Chpasswod bof rip (Apr 19)
- Re: Squirrelmail Chpasswod bof p dont think (Apr 27)