From owner-freebsd-security  Tue May 26 17:08:02 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id RAA25850
          for freebsd-security-outgoing; Tue, 26 May 1998 17:08:02 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from implode.root.com (implode.root.com [198.145.90.17])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA25585
          for <freebsd-security@FreeBSD.ORG>; Tue, 26 May 1998 17:07:13 -0700 (PDT)
          (envelope-from root@implode.root.com)
Received: from implode.root.com (localhost [127.0.0.1])
	by implode.root.com (8.8.5/8.8.5) with ESMTP id RAA03312;
	Tue, 26 May 1998 17:07:19 -0700 (PDT)
Message-Id: <199805270007.RAA03312@implode.root.com>
To: James Flemer <jflemer@tiger.acsu.k12.vt.us>
cc: freebsd-security@FreeBSD.ORG
Subject: Re: imapd_4.1b.txt 
In-reply-to: Your message of "Tue, 26 May 1998 13:49:59 EDT."
             <199805261749.NAA06996@tiger.acsu.k12.vt.us> 
From: David Greenman <dg@root.com>
Reply-To: dg@root.com
Date: Tue, 26 May 1998 17:07:19 -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

>  It is possible to crash the imapd server in several possible places.
>  Due to the lack of handling for the SIGABRT signal and the nature
>  of the IMAP protocol in storing folders locally on the server; a core dump
>  is produced in the users current directory. This core dump contains the
>  password and shadow password files from the system.

   In the case of FreeBSD, it could contain the no-password passwd file, but
in order for the encrypted passwords to be in memory, the process would have
to be setuid root, and if that is the case, the system won't generate a core
file.

-DG

David Greenman
Co-founder/Principal Architect, The FreeBSD Project



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message