[2019] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: IMAPD fix for RH

daemon@ATHENA.MIT.EDU (Bill Dimmick)
Wed Jul 29 02:46:39 1998

Date: Tue, 21 Jul 1998 10:02:08 -0400 (EDT)
From: Bill Dimmick <bfdimmic@eos.ncsu.edu>
To: linux-security@redhat.com
In-Reply-To: <199807210326.XAA01541@chef.redhat.com>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

On Mon, 20 Jul 1998 djb@redhat.com wrote:

> 
> > It appears that uninstalling the imap rpm uninstalls the pop mail service as
> > well, or at least disables it.  Is this uncool?  Is it safe to leave it
> > installed (but removed from inetd.conf) for the sake of keeping pop service in
> > place?
> 
> I'm not sure, actually.  The POP code comes from the imap package, so
> presumably you need to updated it *all* if you use any of it to make
> sure you are safe from attack.  
> 

	Actually, as far as I know, the attack is isolated to imapd,
not the pop3 daemon.  Even though you guys bundle these together, I think
disabling imapd in /etc/inetd.conf is enough, because that denies an
attacker access to the service exploited.

	Does the POP3 use any of the same insecure code as the IMAP?

> I'd just update the package to the latest one and leave imap enabled.

	OR update and take IMAP out if you don't need it...one less thing
on the teets of the CPU.

	-BFD-
	
------------------------------------------------------------------------
[Bill Dimmick]  [http://www4.ncsu.edu/~bfdimmic] [bfdimmic@eos.ncsu.edu]
"No boom today, boom tomorrow, there is always a boom tomorrow...What?!
      Look, somebody's got to have some damn perspective around here...
      Sooner or later...BOOM!!"  -Ivonova, Babylon 5 [Grail]
------------------------------------------------------------------------

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post