From owner-freebsd-security Mon Apr 17 18:18:46 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id B6F6137B6BE; Mon, 17 Apr 2000 18:18:44 -0700 (PDT) (envelope-from kris@FreeBSD.org) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id SAA95510; Mon, 17 Apr 2000 18:18:43 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Mon, 17 Apr 2000 18:18:43 -0700 (PDT) From: Kris Kennaway To: "Michael S. Fischer" Cc: security@freebsd.org Subject: Re: Fw: Re: imapd4r1 v12.264 In-Reply-To: <005601bfa8ae$0ad3ece0$7f00800a@corp.auctionwatch.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 17 Apr 2000, Michael S. Fischer wrote: > This is the current version in the ports collection. Help! Briefly, the vulnerability seems to be that someone who has a mail account on the server can get access to the user account which runs imapd. I don't think it's something that can be exploited by an outsider, so it might be that in your environment the threat is not significant. As for workarounds, stay tuned..I havent seen a patch yet. Kris ---- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message