--On Friday, December 06, 2002 1:27 AM +0100 Simon Josefsson
[EMAIL PROTECTED] wrote:
Any comment on why it took over a month to react to this reported
vulnerability?
Hi Simon,
You'll note that it has taken me almost a month to respond to your message.
This is mostly because I get very
On Tue, 3 Dec 2002, Rob Siemborski wrote:
We'll be officially deprecating 1.x as of now (removal from the web
and ftp sites except for the archives, etc).
If anyone on the list is running 1.6.25 still I'd be interested in
comparing fixes to this overflow bug in 1.6.25 code.
T.
I don't see why it existing with literals after login would concern you if
it didn't concern you before login.
In our configuration we were more concerned about post login. We have
done some more testing and it appears that this is a none issue in the
64 bit environment.
Thanks for your
list concerning a buffer
overflow in Cyrus IMAP server.
Can somebody confirm this?
Date: Mon, 2 Dec 2002 19:56:06 +0200
From: Timo Sirainen [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: pre-login buffer overflow in Cyrus IMAP server
Message-ID: [EMAIL PROTECTED]
Mime-Version: 1.0
Hi,
Regarding the recently announced vulnerability
http://online.securityfocus.com/archive/1/301864/2002-11-29/2002-12-05/0
Does a similar vulnerability exist with literals after login?
Thank you.
Saira Hasnain
Its the same parsing code (with one or two exceptions).
I don't see why it existing with literals after login would concern you if
it didn't concern you before login.
Of course, they are properly limited in 2.1.11 and 2.0.17.
-Rob
On Thu, 5 Dec 2002 [EMAIL PROTECTED] wrote:
Hi,
Regarding
Rob Siemborski [EMAIL PROTECTED] writes:
On Tue, 3 Dec 2002, Nels Lindquist wrote:
On 3 Dec 2002 at 9:57, Steve Wright wrote:
The message below is forwarded from bugtraq.
I've not seen any discussion of this, is an official fix available ?
The semi-exploit shown does indeed segfault
Hello,
The message below is forwarded from bugtraq.
I've not seen any discussion of this, is an official fix available ?
The semi-exploit shown does indeed segfault imapd processes on my Debian
(sid) boxes.
Steve.
-- Forwarded Message --
Subject: pre-login buffer overflow
On 3 Dec 2002 at 9:57, Steve Wright wrote:
The message below is forwarded from bugtraq.
I've not seen any discussion of this, is an official fix available ?
The semi-exploit shown does indeed segfault imapd processes on my Debian
(sid) boxes.
I'd imagine there should be patches for 1.6.24
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 3 Dec 2002, Nels Lindquist wrote:
On 3 Dec 2002 at 9:57, Steve Wright wrote:
The message below is forwarded from bugtraq.
I've not seen any discussion of this, is an official fix available ?
The semi-exploit shown does indeed segfault
10 matches
Mail list logo