Univ. of Washington pop2d Buffer ...

- AV AC AU C I A
发布: 1999-05-26
修订: 2018-10-17

A buffer overflow vulnerability in pop2d version 4.4 or earlier allow malicious remote users to obtain access to the "nobody" user account. The pop2 and pop3 servers support the concept of an "anonymous proxy", whereby a remote user connecting to the server can instruct it to open an IMAP mailbox on some other saver they have a valid account on. In this state the pop2 server runs under the "nobody" user id. Once logged on, issuing a FOLD command with an argument of about 1000 bytes will cause a stack based buffer overflow.

0%
当前有1条漏洞利用/PoC
产品及版本信息(CPE)暂不可用