[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: FYI: Courier-IMAP Remote Format String Vulnerability (from 1.6.0 to 2.2.1 inclusive are vulnerable.)
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: FYI: Courier-IMAP Remote Format String Vulnerability (from 1.6.0 to 2.2.1 inclusive are vulnerable.)
- From: Jason Dixon <jason_(_at_)_dixongroup_(_dot_)_net>
- Date: Fri, 20 Aug 2004 13:55:22 -0400
On Aug 20, 2004, at 1:17 PM, Ben Goren wrote:
On 2004 Aug 20, at 9:00 AM, Wolfgang_(_dot_)_Anger_(_at_)_t-systems_(_dot_)_com wrote:
I can't find any reference to DEBUG_LOGIN anywhere in
$ grep -ri debug /etc/courier-imap
Is it reasonable to assume that it's not vulnerable?
The actual parameter is DEBUG_LOGIN, not debug (lc). It might match
comments in your imapd configuration, but then again, it might not.
I'm not going to assume that the default value is 0, but all you have
to do is tail your logfile while making a connection.
Jason Dixon, RHCE
Visit your host, monkey.org