[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Squirrelmail Chpasswod bof

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Squirrelmail Chpasswod bof
From: p dont think <pdontthink@xxxxxxxxxxxxxx>
Date: Mon, 26 Apr 2004 17:20:13 -0700

All,

Replying to this thread using the web interface didn't seem to work at all, so... Please excuse me effectively starting the thread over, but wanted to make sure a follow-up got posted to the list. See:

http://www.securityfocus.com/archive/1/360547/2004-04-14/2004-04-20/2

> Hi all
>
> There is a boffer over flow in the chpasswd binary, distributed with
> the plugin. This allow to local's user to execute commands as a root.

This problem (and several others that were really needing to be fixed) has been resolved and a new version of this plugin is available at the link below. Obviously, it is highly recommended that anyone using this plugin upgrade immediately.

http://www.squirrelmail.org/plugin_view.php?id=117

Matias, next time please contact the plugin authors, any of the SquirrelMail mailing lists, SquirrelMail IRC, or other SquirrelMail developers before posting.

Thanks,

Paul


> ---:::Prott:::---
> root@orco:/mnt/hosting/hack/bof# su webmaster
> webmaster@orco:/mnt/hosting/hack/bof$ ./exploit 166 5555 99999
> Using address: 0xbfffe325
> bash-2.05b$ ./chpasswd $RET asdf asdf
> The new password is equal to old password. Choose another password.
> sh-2.05b# id
> uid=0(root) gid=3(sys) groups=500(webmaster)
> sh-2.05b#
> ---:::end:::---
>
> Bye all

Prev by Date: SGI ProPack v2.4: Kernel update #3
Next by Date: Re: Apache - all versions vulnerability in OLD procesors.
Previous by thread: Re: Squirrelmail Chpasswod bof
Next by thread: Internet Explorer XSS published unpatched in SP1 AND SP2
Index(es):
- Date
- Thread