Date:      Tue, 30 May 2000 16:52:32 +0900
From:      sen_ml@eccosys.com
To:        freebsd-security@FreeBSD.ORG
Subject:   Re: QPOPPER: Remote gid mail exploit
Message-ID:  <20000530165232H.1001@eccosys.com>
In-Reply-To: <Pine.BSF.4.21.0005300028250.52225-100000@freefall.freebsd.org>
References:  <20000530113403A.1001@eccosys.com> <Pine.BSF.4.21.0005300028250.52225-100000@freefall.freebsd.org>

From: Kris Kennaway <kris@FreeBSD.org>
Subject: Re: QPOPPER: Remote gid mail exploit
Date: Tue, 30 May 2000 00:31:53 -0700 (PDT)
Message-ID: <Pine.BSF.4.21.0005300028250.52225-100000@freefall.freebsd.org>

> On Tue, 30 May 2000 sen_ml@eccosys.com wrote:
> 
> > > As with the IMAP exploit, this will give people a shell, which they usually
> > > didn't have beforehand, when they are just popusers.
> > 
> > since the problem has to do w/ a pop command that's issued after
> > successful authentication, if the user already has shell access, then
> > there isn't anything to worry about, is there?  or is the shell
> > running as some other user?
> 
> I don't believe this (the text you replied to above) is true. As I
> understand it the vulnerability is that an attacker can send an email with
> a certain header which will be parsed by the pop server when a client
> downloads the email using the EUIDL command, at which point the buffer
> overflows and can execute arbitrary code as gid mail (or whatever the pop
> server runs as). So it's much worse than the imap hole. 

thanks a lot for the explanation.

> As a consolation, it's harder to exploit on FreeBSD because of a fix
> we made in the port, but it's still reportedly exploitable.

i'm a bit confused here -- does this mean the current port is still
vulnerable or that the port available at the time of the exploit
announcement happened to be hard to exploit?

