[VIM] Ioannis Pomonis aka dr_insane

security curmudgeon jericho at attrition.org
Tue Dec 13 01:00:12 EST 2005

: Looks like dr_insane has changed homes from geocities or wherever he 
: was.
:   http://www.ipomonis.com/advisories.htm

Yep, he contacted OSVDB about a few new issues. Some of the files were 
in a .tar format and once extracted appeared to contain no details. He 
has since fixed/verified they contain the data.

Unfortunately, one of his issues (mdaemon) is really vague. The session 
ID weakness isn't clear if it can ONLY be used to log out a user, or for 
additional attacks such as reading their mail. By itself, guessing a 7 
character alphanumeric string just to log someone out of the system is a 
nuisance at best.

