Bugtraq mailing list archives

Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight

From: MRC () CAC WASHINGTON EDU (Mark Crispin)
Date: Fri, 9 Apr 1999 09:18:15 -0700


ipop3d 3.3(20) and imapd 7.8(100) are both several years old.  The security
problems in those versions were published years ago.  Those bugs were also
fixed years ago.  What is your point?

On Fri, 9 Apr 1999 13:09:01 +0200 (MET DST), M.C.Mar wrote:

ALL ABOVE IS TRUE ONLY FOR PINE, NOT FOR PINE COMPOONENTS (as ipop3d or
imap, which is also vulnerable to semilocal buffer overflow that allows
any user to read /etc/shadow). I tryed to explit pine, ipop3d [POP3
3.3(20) w/IMAP2 client (Comments to MRC () CAC Washington EDU)] and imap
[IMAP2bis Service 7.8(100)].

1) I could not execute any code using pine although gdb shows I
   overwrited stack ret and ip register points to what I want.
2) I could read /etc/shadow exploiting ipop3d.
3) I could read /etc/shadow exploiting imap.

Current thread:

Patrol security bugs, (continued)
- Patrol security bugs fcosta (Apr 09)
- Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight M.C.Mar (Apr 09)
  - New Novell Remote.NLM Password Decryption Algorithm with Exploit dreamer () RELIA NET (Apr 09)
    - Novell Pandora Hack Jeremy M. Guthrie (Apr 12)
    - Re: Novell Pandora Hack Simple Nomad (Apr 13)
    - Re: Novell Pandora Hack Iain P.C. Moffat (Apr 13)
    - aDSL routers David Brumley (Apr 13)
    - Re: aDSL routers Derek Vadala (Apr 14)
    - aDSL routers Brad Zimmerman (Apr 14)
    - Re: aDSL routers Truman Boyes (Apr 14)
  - Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight Mark Crispin (Apr 09)
- Pine 4.xx exploit Maurycy Prodeus (Apr 09)
- Re: ipop3d (x2) / pine (x2) / ... GvS (Apr 11)
- Re: ipop3d (x2) / pine (x2) Oliver Xymoron (Apr 11)