Site Navigation

Date:      Fri, 17 Jul 1998 02:38:04 +0300 (EEST)
From:      Adrian Penisoara <ady@warpnet.ro>
To:        freebsd-security@FreeBSD.ORG
Subject:   Re: EMERGENCY: new remote root exploit in UW imapd
Message-ID:  <Pine.BSF.3.96.980717022146.4014I-101000@ady.warpnet.ro>
In-Reply-To: <199807162206.AAA30072@basement.replay.com>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

[-- Attachment #1 --]
Hi,

On Fri, 17 Jul 1998, Anonymous wrote:

> INTRODUCTION
> 
> On July 10, 1998 a message was posted to the University of Washington Pine
> mailing lists about a security problem in the UW imapd server released with
> Pine 4.00, viewable at:
> 
>     http://www.washington.edu/pine/pine-info/1998.07/msg00062.html
> 
> Out of curiosity, I decided to do some source code diffs to see what
> changed between the patched and unpatched versions of imapd.  Sure enough,
> there was a *major* security hole.  The message from the Pine developers
> failed, however, to underscore the severity of the hole hence this security
> advisory.
> 
> 

 The current port skeleton available at
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/mail/imap-uw
 is using a *vulnerable* source tarball !

 I have submitted a patch today to update the port to use the latest
source tarball on ftp.cac.washington.edu (grep the freebsd-ports mailing
list for the "imap-uw security hole -- please update port" subject).
 Until then you can use the attached patch which will update the port in
order to use the current source tarball.


  Adrian Penisoara
  Ady (@freebsd.ady.ro)

[-- Attachment #2 --]
�싮5imap-uw-4.1f.diff�Vko�6�,��[$@�Ԗ��-�P-�
����J�b6zM�����KJ�cκa0`�$���<;;��#1M����V����2t�5
ײ@�V��٩*�
��>t
��]{�h�^�z[�A�8�9YC���A�'	�8�'�祫��j�z%�!%�%���%��b�zH8���'�D|�D�;��D����*OŨR0.������y��AWu�N]���n�����䞀�P�铱�g4]so��E*�O~�	���ɞ�ZKY(�ν��\.��r���&Bu�-q��rp�y�j�z�V㒐�a
ĭ�����o�@Q�ZG��E���ny��W����P�u��΃����롢rT��ʴAD�����]~o��~T˼�We�ht�1��+ ��s����H�~���8N۰��wqqx����ŵ׹3TZ�V��ŷ�AQ�NX���?o�U�c��6�~��x�\�o4VFZ�0)�*�.齀�e��U|Ś�_Qe%�UeI2�<e�kt���P1����P��A�s`Uӈ
�y�f�+�X11�"�"�i�2u��Ú[�U�e�������p��6�-��Z�N�w���1&���c��q�y�wEO9�4�/Y�x��*D�(��j	
�m�媡�B�jᏧ�)lu������|<�l��~%?s���,��~���}hIH�mkI��m�=s�$��M�!�
�N�2�
Km�׶�-}�V{SU�h/^�2�8�3����߈�䈿]�/�kd�7 �"g��7��M�*͢��~�K��U����z⒨LK�ݜ?������b��������NW	VUs�ѭ՜?8�4u��Ȇ�v�f���`
lҏ��c��#��b���Y��b6�J�מ����
C'����^�����h;��ǖ����w	

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980717022146.4014I-101000>

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact