Bugtraq mailing list archives

Re: L0pht Advisory: IMAP4rev1 imapd server


From: casper () HOLLAND SUN COM (Casper Dik)
Date: Thu, 9 Oct 1997 10:12:38 +0200


On Wed, 8 Oct 1997, We got Food - Fuel - Ice-cold Beer - and X.509 certificates wrote:

Scenario:

  It is possible to crash the imapd server in several possible places.
  Due to the lack of handling for the SIGABRT signal and the nature
  of the IMAP protocol in storing folders locally on the server; a core dump
  is produced in the user's current directory. This core dump contains the
  password and shadow password files from the system.

It should be noted that this only works on systems that allow a
process that has changed UIDs since the last exec to core dump.

Some, such as FreeBSD (and OpenBSD I would guess, and a dozen
others), don't for exactly this reason.  The same thing came
up with ftpd a while back.


This was also changed on Solaris 2.6 and may be patched for some
older releases.


Casper


