[4793] in bugtraq
Re: Linux imapd remote vunerability.
daemon@ATHENA.MIT.EDU (Theo Van Dinter)
Wed Jun 25 20:50:41 1997
Date: Wed, 25 Jun 1997 12:16:20 -0400
Reply-To: Theo Van Dinter <felicity@KLUGE.NET>
From: Theo Van Dinter <felicity@KLUGE.NET>
X-To: inter <inter@BLUE.MISNET.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.BSI.3.95.970625013633.8257B-100000@blue.misnet.com>
On Wed, 25 Jun 1997, inter wrote:
> sure however if it exists in slackware, (most slackware boxes I have seen
> dont even have imapd running default). Anyhow, RedHat 4.1 and under are
Slackware installs imap if you choose to install the pine/pico package.
However, I'm fairly certain that the daemon isn't run at bootup or from
inetd by default.
On an aside, during the last group of IMAP/POP exploits, I installed IMAP
4.1-BETA (snapshot in 2/97, available from
ftp://ftp.cac.washington.edu/mail/). It fixed the last set of buffer
overrun problems, and the latest exploit doesn't work either.
> exploitable. Just kill imapd no real point in running
> it anyhow.
Obviously if you don't need a daemon, shut it off.
--
Theo Van Dinter felicity@kluge.net
Systems Administrator - {kluge.net,chrysalis.com} felicity@chrysalis.com
