Displaying 1 result from an estimated 1 matches for "server_login".
Did you mean:
sender_login
1997 Mar 02
1
imapd and ipop3d hole
...ne
code to execute.
Both the POP and IMAP servers Mr. Crispin distributes discard supervisory
privileges sometime after this authentication phase. Unfortunately, the
overflow occurs before this happens, and the vulnerability will thus
allow an attacker superuser access.
The problematic routine is server_login(), which is in "log_xxx.c" in the
OS-dependent code tree of the server source distribution. The problem
occurs due to the routine''s attempt to allow a case insensitive match on
the username, which it does by copying the username provided to the
routine into an automatic variable...