Date:      Thu, 16 Jul 1998 12:20:18 -0400
From:      matt <mbehrens@iserv.net>
To:        Adrian Penisoara <ady@warpnet.ro>, Steve Price <sprice@hiwaay.net>
Cc:        FreeBSD ports <freebsd-ports@FreeBSD.ORG>
Subject:   [Fwd: UW IMAP bug -- more information?]
Message-ID:  <35AE2842.302ACB17@iserv.net>

This is a multi-part message in MIME format.
--------------FC48EAB6490EA2F5A9AA90CC
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Here's your information from Terry Gray.  root compromise... hmm is that
serious?  should I be worried? :)

Someone should also let freebsd-security know when it's done too, I
think :)  I volunteer.
--------------FC48EAB6490EA2F5A9AA90CC
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Received: from mailhost1.u.washington.edu (mailhost1.u.washington.edu [140.142.32.2])
	by megaweapon.zigg.com (8.8.8/8.8.8) with ESMTP id MAA00306
	for <matt@megaweapon.zigg.com>; Thu, 16 Jul 1998 12:14:14 -0400 (EDT)
	(envelope-from gray@cac.washington.edu)
Received: from D-140-142-110-126.dhcp2.washington.edu (D-140-142-110-126.dhcp2.washington.edu [140.142.110.126])
          by mailhost1.u.washington.edu (8.8.4+UW97.07/8.8.4+UW98.06) with SMTP
	  id JAA15474; Thu, 16 Jul 1998 09:12:22 -0700
Date: Thu, 16 Jul 1998 09:14:55 -0700 (Pacific Daylight Time)
From: Terry Gray <gray@cac.washington.edu>
To: Matt Behrens <matt@megaweapon.zigg.com>
Subject: Re: UW IMAP bug -- more information?
In-Reply-To: <Pine.BSF.3.96.980716115816.29675D-100000@megaweapon.zigg.com>
Message-ID: <Pine.WNT.4.00.9807160910070.163-100000@tegdesk_ndc>
Organization: University of Washington;  Computing & Communications
X-X-Sender: gray@shivams.cac.washington.edu
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset = US-ASCII

Are you talking about the recent root-compromise bug?
My understanding is that it was a buffer overrun vulnerability in the code
that handles the IMAP AUTHENTICATE command.  I don't know whether anyone
has actually written an exploit for it (yet).  It affects all versions of
UW's IMAP 4.1 servers prior to last weekend.

It's fixed in the latest ftp.cac.washington.edu/mail/imap.tar.Z

-teg

On Thu, 16 Jul 1998, Matt Behrens wrote:

> Hi,
> 
> I'm conversing with two guys responsible for the UW IMAP package as it
> comes with FreeBSD.  Do you have any more information on this bug that
> we can test with?
> 
> Thanks.
> 
> Matt Behrens <matt@zigg.com>
> Founder and Chief Engineer, The OverNet Network
> I eat Penguins for breakfast.
> 
> 


--------------FC48EAB6490EA2F5A9AA90CC--

