Binary package hint: teapop
I use teapop to manage pop3 in jaunty. After submitting credentials, teapop will output log below to the client (local AND remote).
Stack trace on remote console -- marking security vulnerability.. ?
george@crux:~$ telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
user abc
pass def
*** stack smashing detected ***: teapop terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f9dcba613b7]
/lib/libc.so.6(__fortify_fail+0x0)[0x7f9dcba61380]
teapop[0x407d32]
teapop[0x40832f]
teapop[0x408782]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7f9dcb9805a6]
teapop[0x4024f9]
======= Memory map: ========
00400000-0040b000 r-xp 00000000 08:01 466112 /usr/sbin/teapop
0060b000-0060c000 rw-p 0000b000 08:01 466112 /usr/sbin/teapop
00838000-00859000 rw-p 00838000 00:00 0 [heap]
7f9dcaf1c000-7f9dcaf32000 r-xp 00000000 08:01 7849614 /lib/libgcc_s.so.1
7f9dcaf32000-7f9dcb132000 ---p 00016000 08:01 7849614 /lib/libgcc_s.so.1
7f9dcb132000-7f9dcb133000 r--p 00016000 08:01 7849614 /lib/libgcc_s.so.1
7f9dcb133000-7f9dcb134000 rw-p 00017000 08:01 7849614 /lib/libgcc_s.so.1
7f9dcb134000-7f9dcb136000 r-xp 00000000 08:01 7847944 /lib/libnss_mdns.so.2
7f9dcb136000-7f9dcb336000 ---p 00002000 08:01 7847944 /lib/libnss_mdns.so.2
7f9dcb336000-7f9dcb337000 rw-p 00002000 08:01 7847944 /lib/libnss_mdns.so.2
7f9dcb337000-7f9dcb34b000 r-xp 00000000 08:01 7849587 /lib/libresolv-2.9.so
7f9dcb34b000-7f9dcb54b000 ---p 00014000 08:01 7849587 /lib/libresolv-2.9.so
7f9dcb54b000-7f9dcb54c000 r--p 00014000 08:01 7849587 /lib/libresolv-2.9.so
7f9dcb54c000-7f9dcb54d000 rw-p 00015000 08:01 7849587 /lib/libresolv-2.9.so
7f9dcb54d000-7f9dcb54f000 rw-p 7f9dcb54d000 00:00 0
7f9dcb54f000-7f9dcb554000 r-xp 00000000 08:01 7849532 /lib/libnss_dns-2.9.so
7f9dcb554000-7f9dcb753000 ---p 00005000 08:01 7849532 /lib/libnss_dns-2.9.so
7f9dcb753000-7f9dcb754000 r--p 00004000 08:01 7849532 /lib/libnss_dns-2.9.so
7f9dcb754000-7f9dcb755000 rw-p 00005000 08:01 7849532 /lib/libnss_dns-2.9.so
7f9dcb755000-7f9dcb761000 r-xp 00000000 08:01 7849581 /lib/libnss_files-2.9.so
7f9dcb761000-7f9dcb960000 ---p 0000c000 08:01 7849581 /lib/libnss_files-2.9.so
7f9dcb960000-7f9dcb961000 r--p 0000b000 08:01 7849581 /lib/libnss_files-2.9.so
7f9dcb961000-7f9dcb962000 rw-p 0000c000 08:01 7849581 /lib/libnss_files-2.9.so
7f9dcb962000-7f9dcbaca000 r-xp 00000000 08:01 7849398 /lib/libc-2.9.so
7f9dcbaca000-7f9dcbcca000 ---p 00168000 08:01 7849398 /lib/libc-2.9.so
7f9dcbcca000-7f9dcbcce000 r--p 00168000 08:01 7849398 /lib/libc-2.9.so
7f9dcbcce000-7f9dcbccf000 rw-p 0016c000 08:01 7849398 /lib/libc-2.9.so
7f9dcbccf000-7f9dcbcd4000 rw-p 7f9dcbccf000 00:00 0
7f9dcbcd4000-7f9dcbcea000 r-xp 00000000 08:01 7849482 /lib/libnsl-2.9.so
7f9dcbcea000-7f9dcbeea000 ---p 00016000 08:01 7849482 /lib/libnsl-2.9.so
7f9dcbeea000-7f9dcbeeb000 r--p 00016000 08:01 7849482 /lib/libnsl-2.9.so
7f9dcbeeb000-7f9dcbeec000 rw-p 00017000 08:01 7849482 /lib/libnsl-2.9.so
7f9dcbeec000-7f9dcbeee000 rw-p 7f9dcbeec000 00:00 0
7f9dcbeee000-7f9dcbef7000 r-xp 00000000 08:01 7849400 /lib/libcrypt-2.9.so
7f9dcbef7000-7f9dcc0f6000 ---p 00009000 08:01 7849400 /lib/libcrypt-2.9.so
7f9dcc0f6000-7f9dcc0f7000 r--p 00008000 08:01 7849400 /lib/libcrypt-2.9.so
7f9dcc0f7000-7f9dcc0f8000 rw-p 00009000 08:01 7849400 /lib/libcrypt-2.9.so
7f9dcc0f8000-7f9dcc126000 rw-p 7f9dcc0f8000 00:00 0
7f9dcc126000-7f9dcc146000 r-xp 00000000 08:01 7849395 /lib/ld-2.9.so
7f9dcc323000-7f9dcc325000 rw-p 7f9dcc323000 00:00 0
7f9dcc341000-7f9dcc345000 rw-p 7f9dcc341000 00:00 0
7f9dcc345000-7f9dcc346000 r--p 0001f000 08:01 7849395 /lib/ld-2.9.so
7f9dcc346000-7f9dcc347000 rw-p 00020000 08:01 7849395 /lib/ld-2.9.so
7fffd4331000-7fffd4346000 rw-p 7ffffffea000 00:00 0 [stack]
7fffd43fe000-7fffd43ff000 r-xp 7fffd43fe000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
Connection closed by foreign host.
teapop is no longer available in current releases of Ubuntu because it was removed[1] from the archive. What you're encountering are stack overflow bugs in the software. We do not recommend that anyone use teapop.
[1] http:// bugs.debian. org/cgi- bin/bugreport. cgi?bug= 474099