X-RDate: Tue, 03 Feb 1998 10:17:15 +0500 (ESK)
Date: Mon, 2 Feb 1998 13:30:20 +0200
From: "raf@licj..... (Bugtraq Mirror)" <bugtraq@LICJ.SOROSCJ.RO>
To: BUGTRAQ@NETSPACE.ORG
Subject: Re: imapd/ipop3d coredump in slackware 3.4

On Mon, 2 Feb 1998, Peter van Dijk wrote:

> [attic bug report nr. 1]
>
> While fooling around a little with NIS/YP (didn't get it completely
> working...) I ran into a bug in the imapd and ipop3d that come with
> slackware 3.4 (if you install the pine package).
> Earlier slackware versions will probably NOT suffer from this bug,
> because they did not include shadowing.
>
> When fed an unknown username, imapd and ipop3d will dump core:
>
> [root@koek] /# telnet zopie 110
> Trying 10.10.13.1...
> Connected to zopie.attic.vuurwerk.nl.
> Escape character is '^]'.
> +OK zopie.attic.vuurwerk.nl POP3 3.3(20) w/IMAP2 client (Comments to MRC@CAC.Washington.EDU) at Sun, 1 Feb 1998 23:45:06 +0100 (CET)
> user root
> +OK User name accepted, password please
> pass linux
> [this is not the correct password]
> -ERR Bad login
> user john
> [i have no user named john]
> +OK User name accepted, password please
> pass doe
> Connection closed by foreign host.
>

This does not affect slackware 3.3 (which HAS shadow !!!!!). May be a bug
in that version of ipop3d :(

root@licj:~# tn licj 110
Trying 193.226.84.250...
Connected to licj.soroscj.ro.
Escape character is '^]'.
+OK licj POP3 Server (Version 1.005h) ready at <Mon Feb 02 13:27:01 1998>
user root
+OK please send PASS command
pass kaka
-ERR invalid usercode or password, please try again
user kkt
+OK please send PASS command
pass lksdghsql
-ERR invalid usercode or password, please try again
user raf
+OK please send PASS command
pass a;sdkljfh
-ERR invalid usercode or password, please try again
........ and so on.....

Radu-Adrian Feurdean