
Re: FYI: Courier-IMAP Remote Format String Vulnerability (from 1.6.0 to 2.2.1 inclusive are vulnerable.)

On Aug 20, 2004, at 1:17 PM, Ben Goren wrote:

On 2004 Aug 20, at 9:00 AM, Wolfgang_(_dot_)_Anger_(_at_)_t-systems_(_dot_)_com wrote:
I can't find any reference to DEBUG_LOGIN anywhere in

     $ grep -ri debug /etc/courier-imap

Is it reasonable to assume that it's not vulnerable?

The actual parameter is DEBUG_LOGIN, not debug (lc). It might match comments in your imapd configuration, but then again, it might not. I'm not going to assume that the default value is 0, but all you have to do is tail your logfile while making a connection.

-- 
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net
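One way to tell an active DEBUG_LOGIN setting apart from comment lines that merely mention it, as an added example that is not part of the original message or of Courier-IMAP. It assumes shell-style NAME=value config lines and that 0 means off; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the active DEBUG_LOGIN setting in a config file.
# Assumes shell-style NAME=value lines; function names are hypothetical.

# Print the value of the last uncommented DEBUG_LOGIN assignment, or "unset".
debug_login_value() {
    awk '
        /^[ \t]*#/ { next }                  # commented-out lines set nothing
        /^[ \t]*DEBUG_LOGIN=/ {
            v = $0
            sub(/^[^=]*=/, "", v)            # keep the text after "="
            sub(/[ \t]*#.*$/, "", v)         # drop a trailing comment
            gsub(/"/, "", v)                 # drop double quotes
            sub(/[ \t]+$/, "", v)            # drop trailing whitespace
            val = v; found = 1               # last assignment wins, as in sh
        }
        END { if (found) print val; else print "unset" }
    ' "$1"
}

# Classify as "unset", "disabled" (value 0, assumed to mean off)
# or "enabled:<value>".
debug_login_state() {
    v=$(debug_login_value "$1")
    case "$v" in
        unset|"") echo "unset" ;;
        0)        echo "disabled" ;;
        *)        echo "enabled:$v" ;;
    esac
}

# Constructed sample config: the comment lines match "grep -ri debug"
# but only the last line is an active assignment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# DEBUG_LOGIN controls login debugging (constructed comment)
# DEBUG_LOGIN=2
DEBUG_LOGIN=1   # constructed value
EOF
echo "$sample: $(debug_login_state "$sample")"
rm -f "$sample"
```

An "unset" result says only that the file has no active assignment; it does not establish what the built-in default is.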