Re: [off-topic] Hackers exploit Linux mail ?worm?

Paul Vojta (vojta@math.berkeley.edu)
Tue, 4 May 1999 16:11:45 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Kurt Garloff: "Re: [RFC] Unifying kernel initialization"
Previous message: Kurt Garloff: "Re: [Fwd: SMP/Zip/SCSI Lockups]"
Maybe in reply to: Alexandre Hautequest: "[off-topic] Hackers exploit Linux mail ?worm?"
Next in thread: david parsons: "Re: [off-topic] Hackers exploit Linux mail ?worm?"

David Parsons wrote:
> In article <linux.kernel.Pine.LNX.3.96.990503173258.8708A-100000@calvin.captech.com>,
> >No Linux distribution is shipping that version of IMAP.
> >ALL linux distributions published fixes.
>
> Umm, I don't think so.

Thank you for your very valuable contribution to the bandwidth.

> ____
> david parsons \bi/ So, which version of IMAP is that?
> \/

>From the CERT advisory cited in the article:

| All versions of the University of Washington IMAP server prior to the final
| (frozen, non-beta) version of imap-4.1 that support SASL server-level
| authentication are vulnerable. The vulnerability affects all University
| of Washington IMAP4rev1 servers prior to v10.234. Also, any v10.234 server
| that was distributed with Pine 4.0 or any imap-4.1.BETA is vulnerable.

The article indicates that Red Hat distributed a fix.

Debian is currently distributing IMAP version 4.4.

So, which linux distribution is still shipping an old version of IMAP?

--Paul Vojta, vojta@math.berkeley.edu

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Kurt Garloff: "Re: [RFC] Unifying kernel initialization"
Previous message: Kurt Garloff: "Re: [Fwd: SMP/Zip/SCSI Lockups]"
Maybe in reply to: Alexandre Hautequest: "[off-topic] Hackers exploit Linux mail ?worm?"
Next in thread: david parsons: "Re: [off-topic] Hackers exploit Linux mail ?worm?"