[16512] in bugtraq
Re: UW c-client library vulnerability
daemon@ATHENA.MIT.EDU (Josh Higham)
Sat Sep 2 13:51:39 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <03e401c01466$e31b22c0$3ceefcce@adhara.bigsky.net>
Date: Fri, 1 Sep 2000 16:49:26 -0600
Reply-To: Josh Higham <jhigham@BIGSKY.NET>
From: Josh Higham <jhigham@BIGSKY.NET>
X-To: Juhapekka Tolvanen <juhtolv@ST.JYU.FI>
To: BUGTRAQ@SECURITYFOCUS.COM
-----Original Message-----
From: Juhapekka Tolvanen <juhtolv@ST.JYU.FI>
To: BUGTRAQ@SECURITYFOCUS.COM <BUGTRAQ@SECURITYFOCUS.COM>
Date: Friday, September 01, 2000 3:56 PM
Subject: UW c-client library vulnerability
>It seems, that c-client libraries by University of Washington have
>some bug(s), that makes some programs that depend upon those libraries
>go crazy. AFAIK affected programs include at least Pine (read "pain"),
>ipop3d and IMAPD. And those programs and libraries are commonly used in
>Unixes. I don't know, if any patch, fix, work-around etc. exist.
>Looks like all boxes get an extra message inserted. It looks something
>like this:
>
>,-----
>| From MAILER-DAEMON Wed Aug 30 09:54:25 2000
>| Delivery-Date: Thu May 11 21:51:47 2000
>| Date: Thu, 11 May 2000 21:51:47 +0200 (MET DST)
>| From: Mail System Internal Data <MAILER-DAEMON@host.com>
>| Subject: DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA
>
>I don't know if it's the IMAP daemon or the pine client who is responsible
>for this.
The header may be causing some problems with PINE and/or IMAP that cause it
to misparse the mailbox, but the 'INTERNAL DATA' message is created by the
UW IMAP/POP3 daemon when you first connect. The first time it happened I
couldn't figure out the problem, because I only used POP once or twice,
normally using pine. Later I was responsible for a multiuser system, and
every POP mailbox had that message. AFAIK it is coincidental that these
people first saw it in pine after receiving your message. Perhaps they
usually just POP, but after receiving that file used pine to investigate
things?
As a note if you change POP daemons from UW to something else, remember to
delete that first message from the mailboxes, or your users will send you a
message or two (hundred) :-).
Josh Higham
