Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 17 Jul 1998 02:38:04 +0300 (EEST)
From:      Adrian Penisoara <ady@warpnet.ro>
To:        freebsd-security@FreeBSD.ORG
Subject:   Re: EMERGENCY: new remote root exploit in UW imapd
Message-ID:  <Pine.BSF.3.96.980717022146.4014I-101000@ady.warpnet.ro>
In-Reply-To: <199807162206.AAA30072@basement.replay.com>

next in thread | previous in thread | raw e-mail | index | archive | help

[-- Attachment #1 --]
Hi,

On Fri, 17 Jul 1998, Anonymous wrote:

> INTRODUCTION
> 
> On July 10, 1998 a message was posted to the University of Washington Pine
> mailing lists about a security problem in the UW imapd server released with
> Pine 4.00, viewable at:
> 
>     http://www.washington.edu/pine/pine-info/1998.07/msg00062.html
> 
> Out of curiosity, I decided to do some source code diffs to see what
> changed between the patched and unpatched versions of imapd.  Sure enough,
> there was a *major* security hole.  The message from the Pine developers
> failed, however, to underscore the severity of the hole hence this security
> advisory.
> 
> 

 The current port skeleton available at
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/mail/imap-uw
 is using a *vulnerable* source tarball !

 I have submitted a patch today to update the port to use the latest
source tarball on ftp.cac.washington.edu (grep the freebsd-ports mailing
list for the "imap-uw security hole -- please update port" subject).
 Until then you can use the attached patch which will update the port in
order to use the current source tarball.


  Adrian Penisoara
  Ady (@freebsd.ady.ro)

[-- Attachment #2 --]
싮5imap-uw-4.1f.diffVko6,[$@Ԗ-P-
Jb6zMKJcκa0`$<;;#1MV2t5
ײ@V٩*
>t
]{h^z[A89YCA'	8'祫jz%!%%%bzH8'D|D;D*OŨR0.yAWuN]n䞀P铱g4]soE*O~	ɞZKY(ν\.r&Bu-qrpyjzV㒐aĭo@QZGEnyWPu΃롢rTʴAD]~o~T˼Weht1+ sH~8N۰wqqxŵ׹3TZVŷAQNX?oUc6~x\o4VFZ0)*.齀eU|Ś_Qe%UeI2<ektP1PAs`Uӈ
yf+X11""i2uÚ[Uep6-ZNw1&cqywEO94/Yx*D(j	
m媡BjᏧ)lu|<l~%?s,~}hIHmkIm=s$M!
N2
Km׶-}V{SUh/^283߈䈿]/kd7 "g7M*͢~KUz⒨LKݜ?bNW	VUsѭ՜?84uȆvf`
lҏc#bYb6Jמ
C'^h;ǖw	

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980717022146.4014I-101000>