The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: L0pht Advisory: IMAP4rev1 imapd server (fwd)



I guess I should have gone on reading before forwarding the L0pht advisory
to sceurity@debian.org... Is Linux one of the "dozen other OSes"
mentionned?

  Christian

---------- Forwarded message ----------
Date: Wed, 08 Oct 1997 17:45:05 -0600
From: Marc Slemko <marcs@znep.com>
To: BUGTRAQ@NETSPACE.ORG
Subject: Re: L0pht Advisory: IMAP4rev1 imapd server

On Wed, 8 Oct 1997, We got Food - Fuel - Ice-cold Beer - and X.509 certificates wrote:

> Scenario:
>
>   It is possible to crash the imapd server in several possible places.
>   Due to the lack of handling for the SIGABRT signal and the nature
>   of the IMAP protocol in storing folders locally on the server; a core dump
>   is produced in the users current directory. This core dump contains the
>   password and shadow password files from the system.

It should be noted that this only works on systems that allow a
process that has changed UIDs since the last exec to core dump.

Some, such as FreeBSD (and OpenBSD I would guess, and a dozen
others), don't for exactly this reason.  The same thing came
up with ftpd a while back.


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .