[VIM] Ioannis Pomonis aka dr_insane
security curmudgeon
jericho at attrition.org
Tue Dec 13 01:00:12 EST 2005
: Looks like dr_insane has changed homes from geocities or wherever he
: was.
:
: http://www.ipomonis.com/advisories.htm
Yep, he contacted OSVDB about a few new issues. Some of the files were
in a .tar format and once extracted appeared to contain no details. He
has since fixed/verified they contain the data.
Unfortunately, one of his issues (mdaemon) is really vague. The session
ID weakness isn't clear if it can ONLY be used to log out a user, or for
additional attacks such as reading their mail. By itself, guessing a
7-character alphanumeric string just to log someone out of the system is a
nuisance at best.