[13986] in bugtraq
Re: MMDF
daemon@ATHENA.MIT.EDU (NAI Labs)
Wed Feb 23 14:50:19 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <000001bf7dab$b362cee0$4d2f45a1@jmagdych.na.nai.com>
Date: Tue, 22 Feb 2000 19:11:38 -0800
Reply-To: seclabs@nai.com
From: NAI Labs <seclabs@NAI.COM>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
All versions of the publicly available MMDF prior to version
2.44.b4 are vulnerable. The version of MMDF distributed with SCO
OpenServer was found to be vulnerable, and NAI's advisory was based
on this information.
The latest stable version is 2.44 and NOT 2.43 as previously stated.
The latest version of MMDF, which has not been vulnerable to these
attacks for some time, has been recently updated and is available at:
ftp://www.mathematik.uni-kl.de/pub/Sources/mail+news/mmdf/
- -rw-r--r-- 1 mmdf mail 1416811 Feb 21 22:59 mmdf-2.44-final.tar.gz
Also, as previously mentioned, patches for the vulnerable version
shipped with SCO OpenServer are available from:
http://www.sco.com/security.
Please feel free to contact us with any additional questions.
NAI Security Labs
seclabs@nai.com
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1
Comment: Crypto Provided by Network Associates <http://www.nai.com>
iQA/AwUBOLNP6qF4LLqP1YESEQIJegCguaPr65jZFdQUvi1+3idzAVyB3WcAnA5L
x3moOvs7biru0kZr7U1xnCm3
=i6aM
-----END PGP SIGNATURE-----
