From owner-freebsd-security Tue Mar 4 07:17:34 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id HAA26094 for security-outgoing; Tue, 4 Mar 1997 07:17:34 -0800 (PST) Received: from nic.follonett.no (nic.follonett.no [194.198.43.10]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id HAA26086 for ; Tue, 4 Mar 1997 07:17:29 -0800 (PST) Received: (from uucp@localhost) by nic.follonett.no (8.8.5/8.8.3) with UUCP id QAA29125 for security@freebsd.org; Tue, 4 Mar 1997 16:15:54 +0100 (MET) Received: from oo7 (oo7.dimaga.com [192.0.0.65]) by dimaga.com (8.7.5/8.7.2) with SMTP id QAA11611 for ; Tue, 4 Mar 1997 16:18:58 +0100 (MET) Message-Id: <3.0.32.19970304161858.00c3c710@dimaga.com> X-Sender: eivind@dimaga.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Tue, 04 Mar 1997 16:19:00 +0100 To: security@freebsd.org From: Eivind Eklund Subject: Old imapd, ipop2d, ipop3d Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Yesterday, a security hole allowing remote root was discovered in imapd, ipop2 and ipop3d (NOT popper). If you are running versions of these older than 4.1-BETA (eg, the versions enclosed with 2.1.0 (and 2.1.5?)), it is a _very_ good idea to upgrade to the version presently in the ports collection. The executables in question is in /usr/local/libexec/{imapd,ipop2d,ipop3d} - if these are old (not from 1997) you are certain to be afflicted with the bug. (Does this belong in freebsd-announce? RedHat put out an announcement...) Eivind Eklund perhaps@yes.no http://maybe.yes.no/perhaps/ eivind@freebsd.org