ipop2d Arbitrary File Retrieval

2000-07-14T00:00:00
ID OSVDB:368
Type osvdb
Reporter badpack3t(badpack3t@security-protocols.com)
Modified 2000-07-14T00:00:00

Description

Vulnerability Description

ipop2d contains a flaw that may allow a malicious user to retrieve arbitrary files. The issue is triggered when using the 'fold' command, which could allow a malicious user with a POP account to retrieve any world or group readable files resulting in a loss of confidentiality.

Technical Description

The user must have a POP account on the system to exploit this vulnerability.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

ipop2d contains a flaw that may allow a malicious user to retrieve arbitrary files. The issue is triggered when using the 'fold' command, which could allow a malicious user with a POP account to retrieve any world or group readable files resulting in a loss of confidentiality.

References:

Nessus Plugin ID:10469 Mail List Post: http://fux0r.phathookups.com/sploits/unsorted_exploits/pop2d.fold.txt ISS X-Force ID: 4950 Bugtraq ID: 1484