Fwd: pre-login buffer overflow in Cyrus IMAP server
rjs3 at andrew.cmu.edu
Tue Dec 3 15:43:29 EST 2002
On Tue, 3 Dec 2002, Nels Lindquist wrote:

> On 3 Dec 2002 at 9:57, Steve Wright wrote:
> > The message below is forwarded from bugtraq.
> > I've not seen any discussion of this, is an official fix available?
> > The "semi-exploit" shown does indeed segfault imapd processes on my Debian
> > (sid) boxes.
> I'd imagine there should be patches for 1.6.24 and 2.0.16, as well as

There are now fixes in CVS for both the pre-login vulnerability and the
sieve vulnerability for 2.0 (cyrus-2-0-tail) and 2.1 (HEAD). I expect
them to be migrated over to the 2.2 branch (cyrus-imapd-2_2) later today
or early tomorrow.

We'll be officially deprecating 1.x as of now (removal from the web
and ftp sites except for the archives, etc).

I expect to have the new releases out within a day or so after I can give
them some further testing.

Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper