From owner-freebsd-ports Thu Jul 16 09:22:37 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA04008 for freebsd-ports-outgoing; Thu, 16 Jul 1998 09:22:37 -0700 (PDT) (envelope-from owner-freebsd-ports@FreeBSD.ORG) Received: from mail.iserv.net (mail.iserv.net [204.177.184.19]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA03820 for ; Thu, 16 Jul 1998 09:21:59 -0700 (PDT) (envelope-from mbehrens@iserv.net) Received: from iserv.net (wibble.iserv.net [206.114.47.48]) by mail.iserv.net (8.8.5/8.8.5) with ESMTP idi; Thu, 16 Jul 1998 12:22:30 -0400 (EDT)MAA17650; Thu, 16 Jul 1998 12:22:30 -0400 (EDT) Message-ID: <35AE2842.302ACB17@iserv.net> Date: Thu, 16 Jul 1998 12:20:18 -0400 From: matt X-Mailer: Mozilla 4.5b1 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: Adrian Penisoara , Steve Price CC: FreeBSD ports Subject: [Fwd: UW IMAP bug -- more information?] Content-Type: multipart/mixed; boundary="------------FC48EAB6490EA2F5A9AA90CC" Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This is a multi-part message in MIME format. --------------FC48EAB6490EA2F5A9AA90CC Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Here's your information from Terry Gray. root compromise... hmm is that serious? should I be worried? :) Someone should also let freebsd-security know when it's done too, I think :) I volunteer. --------------FC48EAB6490EA2F5A9AA90CC Content-Type: message/rfc822 Content-Transfer-Encoding: 7bit Content-Disposition: inline Received: from mailhost1.u.washington.edu (mailhost1.u.washington.edu [140.142.32.2]) by megaweapon.zigg.com (8.8.8/8.8.8) with ESMTP id MAA00306 for ; Thu, 16 Jul 1998 12:14:14 -0400 (EDT) (envelope-from gray@cac.washington.edu) Received: from D-140-142-110-126.dhcp2.washington.edu (D-140-142-110-126.dhcp2.washington.edu [140.142.110.126]) by mailhost1.u.washington.edu (8.8.4+UW97.07/8.8.4+UW98.06) with SMTP id JAA15474; Thu, 16 Jul 1998 09:12:22 -0700 Date: Thu, 16 Jul 1998 09:14:55 -0700 (Pacific Daylight Time) From: Terry Gray To: Matt Behrens Subject: Re: UW IMAP bug -- more information? In-Reply-To: Message-ID: Organization: University of Washington; Computing & Communications X-X-Sender: gray@shivams.cac.washington.edu MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset = US-ASCII Are you talking about the recent root-compromise bug? My understanding is that it was a buffer overrun vulnerability in the code that handles the IMAP AUTHENTICATE command. I don't know whether anyone has actually written an exploit for it (yet). It affects all versions of UW's IMAP 4.1 servers prior to last weekend. It's fixed in the latest ftp.cac.washington.edu/mail/imap.tar.Z -teg On Thu, 16 Jul 1998, Matt Behrens wrote: > Hi, > > I'm conversing with two guys responsible for the UW IMAP package as it > comes with FreeBSD. Do you have any more information on this bug that > we can test with? > > Thanks. > > Matt Behrens > Founder and Chief Engineer, The OverNet Network > I eat Penguins for breakfast. > > --------------FC48EAB6490EA2F5A9AA90CC-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message