Bugtraq: Re: response to the bugtraq report of buffer overruns in imapd LIST command

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: response to the bugtraq report of buffer overruns in imapd LIST command

From: hno () HEM PASSAGEN SE (Henrik Nordstrom)
Date: Tue, 18 Apr 2000 22:15:20 +0200


Mark Crispin wrote:

Last but not least, I am very interested in Kris Kennaway's claim that "It may
also be possible to break out of the chroot jail on some platforms."  If true,
it represents a huge root-level security hole on those platforms.  I simply do
not believe the claim.  I would like to know if there is some substance to
this claim, or if it was mere speculation.


If you can get root privilegies inside the jail then breaking out is a
trivial matter on most systems.

On some systems you might be able to break out without root privilegies
if there is a filehandle open to outside the jail. Especially so if
there is a filedescriptor to a directory.

--
Henrik Nordstrom

By Date By Thread

Current thread:

AVM's Statement, (continued)