[2008] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: IMAPD fix for RH

daemon@ATHENA.MIT.EDU (djb@redhat.com)
Mon Jul 20 17:56:20 1998

To: Duncan Simpson <dps@io.stargate.co.uk>
cc: linux-security@redhat.com
In-reply-to: <199807191248.NAA26212@io.stargate.co.uk>  from Duncan Simpson <dps@io.stargate.co.uk>  on Sun, 19 Jul 1998 13:48:52 +0200.
Date: Mon, 20 Jul 1998 13:46:31 -0400
From: djb@redhat.com
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com


Please take note that the security announcement below has been amended.
You *are* vulnerable if you simply have "imap" installed.  You do not
need to have edited /etc/inetd.conf.

That is, the stock /etc/inetd.conf *does* have imap support turned on by
default.  If you have "imap" installed you should uninstall it or upgrade
to the update IMMEDIATELY.


> You probably know this already, but the following notice appeared to bugtraq.
> 
> ------- Forwarded Message
> 
> Date: 	Thu, 16 Jul 1998 23:25:45 -0400
> Reply-To: twiztah <twiztah@ANARCHY.MAXHO.COM>
> Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
> From: twiztah <twiztah@ANARCHY.MAXHO.COM>
> Subject:      SECURITY: imap-4.1.final now available
> To: BUGTRAQ@NETSPACE.ORG
> 
> - ---[another forward from redhat.com's security mailing list]---
> 
> Serious security problems have been found in all versions of IMAP shipped
> with Red Hat Linux. If you have enable the IMAP server on your workstation
> (you have to edit /etc/inetd.conf to do this; if you have never done this,
> you are not vulnerable to these problems), please upgrade to these
> new IMAP releases immediately.
> 
> Thanks to everyone who helped find these problem, Olaf Kirch in particular.
> 
> Red Hat 5.0 and 5.1
> - - -------------------
> 
> i386:
> rpm -Uvh ftp://ftp.redhat.com/updates/5.0/i386/imap-4.1.final-1.i386.rpm
> 
> alpha:
> rpm -Uvh ftp://ftp.redhat.com/updates/5.0/alpha/imap-4.1.final-1.alpha.rpm
> 
> SPARC:
> rpm -Uvh ftp://ftp.redhat.com/updates/5.0/sparc/imap-4.1.final-1.sparc.rpm
> 
> Red Hat 4.2
> - - -------------
> 
> i386:
> rpm -Uvh ftp://ftp.redhat.com/updates/4.2/i386/imap-4.1.final-0.i386.rpm
> 
> alpha:
> rpm -Uvh ftp://ftp.redhat.com/updates/4.2/alpha/imap-4.1.final-0.alpha.rpm
> 
> SPARC:
> rpm -Uvh ftp://ftp.redhat.com/updates/4.2/sparc/imap-4.1.final-0.sparc.rpm
> 
> 
> ------- End of Forwarded Message
> 
> 
> -- 
> Duncan (-:
> "software industry, the: unique industry where selling substandard goods is
> legal and you can charge extra for fixing the problems."
> 
> -- 
> ----------------------------------------------------------------------
> Please refer to the information about this list as well as general
> information about Linux security at http://www.aoy.com/Linux/Security.
> ----------------------------------------------------------------------
> 
> To unsubscribe:
>   mail -s unsubscribe linux-security-request@redhat.com < /dev/null
> 


--
 Donnie Barnes    http://www.redhat.com/~djb    djb@redhat.com   "Bah."
   Challenge Diversity.  Ignore People.  Live Life.  Use Linux.  879.
My Dad used to say I have deceptive quickness.  I'm slower than I look.

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post