Date: Fri, 17 Jul 1998 02:38:04 +0300 (EEST) From: Adrian Penisoara <ady@warpnet.ro> To: freebsd-security@FreeBSD.ORG Subject: Re: EMERGENCY: new remote root exploit in UW imapd Message-ID: <Pine.BSF.3.96.980717022146.4014I-101000@ady.warpnet.ro> In-Reply-To: <199807162206.AAA30072@basement.replay.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mime@docserver.cac.washington.edu for more info. --0-1242273055-900632284=:4014 Content-Type: TEXT/PLAIN; charset=US-ASCII Hi, On Fri, 17 Jul 1998, Anonymous wrote: > INTRODUCTION > > On July 10, 1998 a message was posted to the University of Washington Pine > mailing lists about a security problem in the UW imapd server released with > Pine 4.00, viewable at: > > http://www.washington.edu/pine/pine-info/1998.07/msg00062.html > > Out of curiosity, I decided to do some source code diffs to see what > changed between the patched and unpatched versions of imapd. Sure enough, > there was a *major* security hole. The message from the Pine developers > failed, however, to underscore the severity of the hole hence this security > advisory. > > The current port skeleton available at ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/mail/imap-uw is using a *vulnerable* source tarball ! I have submitted a patch today to update the port to use the latest source tarball on ftp.cac.washington.edu (grep the freebsd-ports mailing list for the "imap-uw security hole -- please update port" subject). Until then you can use the attached patch which will update the port in order to use the current source tarball. Adrian Penisoara Ady (@freebsd.ady.ro) --0-1242273055-900632284=:4014 Content-Type: APPLICATION/octet-stream; name="imap-uw-4.1f.diff.gz" Content-Transfer-Encoding: BASE64 Content-ID: <Pine.BSF.3.96.980717023804.4014J@ady.warpnet.ro> Content-Description: imap-uw 4.1 FINAL port update H4sICOyLrjUCA2ltYXAtdXctNC4xZi5kaWZmAOVWa2/bNhT9LP+KWyRAt9SW rJctC/NQLZYNt7ET2NoaDAMCSqRiNnpNpOIEhfvbS0qxYxfOumEbMGCCHiTv k/cckTw7O4MZuiMxTYial/RWmeUZvKsyAAd00zUN17JAHwycVqfT2akq45IK rQT0PnQN19Bde9BonR1esg96W+9B3QM4gTlZQ5GXnEGUJwmJOBUR0yfHEOel q9AUFZ1q3Xol1H8hJZMaJfm9oiXBrmKpekg4qp2NECcQlUR8hEQZwDuUyUT6 tfTDKk/FqFIwLvv12OkUu7t5tO9BV3WzTl3r9rRuHwzT7equ4QDj5J6A/1DA 6ZOxyGc0XQZzb+YPmxxFKupPfuAJydX7yZ6gWktZKIzOvcCfXC6m/nKopIgm QnXmLQN/cbOcBnJwxXnhatp6vVbjkpCQYQHErfa5jq/Bb8JAUeJaR7zVCEXq GrEVzW55nqkEV5qMqIlQ/nWw8M6Dm+XP4+uhonJUqr/KtEFEnM4D8fiLXX5v t8EQflTLvIZXAGWDaHT+MaD+KyCNp3Pv4gWU/gxI/379j/44Ttuwt3+Od3Fx E3iLiR8MlZDFtde5M1QUWuQFVh2QjsW3qUFRkk5Y0QS7kj9vo1WaY+jbNpx+ +rB4v1ycbzRWRlrOMCm0KqMPGi7pvYDwZYX0DlV8xZoZnQBfUQZlJagQVWVJ Mp48AmXZaw4REnTBkJdQMYLbEJIIiRZQ/ppBlnNgVRzTiAob4HntjGaMCyv4 WDExtiKgIqhphjIMEhF11QaWw5oAW+VVgmWcrRHKHrnEAxAH0X/VcLnfNqwt mf9a7U4Oinfyf6veMSYag7a5Y6K4cd55sndFTzn9NJ0vA1nlkRd4m70qRJ0o kalqCQ23bZXlqqHqQutq4Y+n1xspbHWkm4vR+eV8PJ1soJN+JT8Ic7W4nCy8 2X6kGsLmfWhJHkj0bWtJhPpt/D1z85i5JKThtE2zIeSxCptO2zKaCktts9e2 zC19FeWQVntTVZ1oL16KMvk42jOf9/IWnN+I/eSIv132L/prZK03IO4iZ/wZ /jffxE3cKs2ipMIEfpBLntxV1PTux3rikqhMS7HdnD+Wgob1+aMHYom3u7uT hazKTlcJVlVzAOmB0a3VnD84gDR1FYv6yIbvDnbuZpX+HoZgDWzSj7GDY72L I9PpYtvu6whZ4YD0Yhw2q0oDydee6u3l2RUKQyeO+70Io16v69j9CBmWaDum 08eWEbe+AAP+ghN3CQAA --0-1242273055-900632284=:4014-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980717022146.4014I-101000>