Date: Thu, 16 Jul 1998 12:20:18 -0400 From: matt <mbehrens@iserv.net> To: Adrian Penisoara <ady@warpnet.ro>, Steve Price <sprice@hiwaay.net> Cc: FreeBSD ports <freebsd-ports@FreeBSD.ORG> Subject: [Fwd: UW IMAP bug -- more information?] Message-ID: <35AE2842.302ACB17@iserv.net>
next in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. --------------FC48EAB6490EA2F5A9AA90CC Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Here's your information from Terry Gray. root compromise... hmm is that serious? should I be worried? :) Someone should also let freebsd-security know when it's done too, I think :) I volunteer. --------------FC48EAB6490EA2F5A9AA90CC Content-Type: message/rfc822 Content-Transfer-Encoding: 7bit Content-Disposition: inline Received: from mailhost1.u.washington.edu (mailhost1.u.washington.edu [140.142.32.2]) by megaweapon.zigg.com (8.8.8/8.8.8) with ESMTP id MAA00306 for <matt@megaweapon.zigg.com>; Thu, 16 Jul 1998 12:14:14 -0400 (EDT) (envelope-from gray@cac.washington.edu) Received: from D-140-142-110-126.dhcp2.washington.edu (D-140-142-110-126.dhcp2.washington.edu [140.142.110.126]) by mailhost1.u.washington.edu (8.8.4+UW97.07/8.8.4+UW98.06) with SMTP id JAA15474; Thu, 16 Jul 1998 09:12:22 -0700 Date: Thu, 16 Jul 1998 09:14:55 -0700 (Pacific Daylight Time) From: Terry Gray <gray@cac.washington.edu> To: Matt Behrens <matt@megaweapon.zigg.com> Subject: Re: UW IMAP bug -- more information? In-Reply-To: <Pine.BSF.3.96.980716115816.29675D-100000@megaweapon.zigg.com> Message-ID: <Pine.WNT.4.00.9807160910070.163-100000@tegdesk_ndc> Organization: University of Washington; Computing & Communications X-X-Sender: gray@shivams.cac.washington.edu MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset = US-ASCII Are you talking about the recent root-compromise bug? My understanding is that it was a buffer overrun vulnerability in the code that handles the IMAP AUTHENTICATE command. I don't know whether anyone has actually written an exploit for it (yet). It affects all versions of UW's IMAP 4.1 servers prior to last weekend. It's fixed in the latest ftp.cac.washington.edu/mail/imap.tar.Z -teg On Thu, 16 Jul 1998, Matt Behrens wrote: > Hi, > > I'm conversing with two guys responsible for the UW IMAP package as it > comes with FreeBSD. Do you have any more information on this bug that > we can test with? > > Thanks. > > Matt Behrens <matt@zigg.com> > Founder and Chief Engineer, The OverNet Network > I eat Penguins for breakfast. > > --------------FC48EAB6490EA2F5A9AA90CC-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?35AE2842.302ACB17>