Bugtraq mailing list archives
Re: Vulnerability in Elm-ME+
From: Kari.Hurtta () ozone FMI FI (Kari E. Hurtta)
Date: Sat, 17 May 1997 22:16:03 +0300
John Goerzen:
Hello, I have confirmed that the recently-reported vulnerability in Elm is also present in Elm-ME+ and thus also in Debian GNU/Linux version 1.2, prerelease version 1.3, and development tree "unstable".
OK. I made fix to Elm 2.4ME+ PL32 (25) Posted to alt.sources and comp.mail.elm with Message-ID: <elm2.4ME+/PL32/1 () ozone FMI FI> Archive-name: elm2.4ME+/PL32 Available on ftp.ozone.FMI.FI via anonymous ftp directory KEH/ files elm-2.4ME+32.tar.gz and elm-2.4ME+PL32.patch.gz Also available with <URL: http://www.ozone.FMI.FI/KEH/elm-2.4ME+32.tar.gz > and <URL: http://www.ozone.FMI.FI/KEH/elm-2.4ME+PL32.patch.gz > via WWW. / Kari Hurtta -------------------------------------------------------------- Version Elm2.4ME+ PL0 (25) is based to version Elm2.4 PL24 ME8b+. Version Elm2.4 PL24 ME8b+ is based to version Elm2.4 PL24 ME8b. Version Elm2.4 PL24 ME8b is done by Michael Elkins <elkins.aero.org>. For details, look file ANNOUNCE.ME [ Equivalent of MIME code in Elm2.4 PL24 ME8b is posted to Elm Development Cordinator ] Version Elm2.4 PL24 ME8b is based to version Elm2.4 PL24. Version Elm2.4ME+ PLx (25) includes patch of version Elm2.4 PL25. Changes of Elm2.4ME+ PL32 (25) compared to Elm2.4ME+ PL31 (25) --------------------------------------------------------------- - Incorrect Content-length: -header was causing corruption of folders. From: Guy Harris <guy () netapp com> - argv_from_to was not handled ',' in comments correctly. Detected from report of Gary Casterline <casterln () nature Berkeley EDU> > Use rfc822_toklen instead of len_next_part - SECURITY: strcpy -> strfcpy changes of Elm2.4ME+ PL29 (25) was not done for curses.c in this source tree. Bug report on List <BUGTRAQ () NETSPACE ORG>. From: John Goerzen <jgoerzen () happy cs twsu edu> - Some changes on curses.c (bl -- bell) - Change output of option -v - "If you use 'answer -u', then every user name is truncated to three letters." ... "Change line 232 to: " ... From: Jean-Pierre Radley <jpr () jpr com> [ Suggested fix was incorrect. ] - "Configure always has had a problem on Linux systems, extracting names in a usuable format (from /usr/lib/libc.so). The following small change fixes this." From: Bauke Jan Douma <bjdouma () xs4all nl> - "In Solaris enviroment NIS+ is now used instead of Yellow Pages so I have modified Configure to reflect this and allow to use niscat in the same fashion as ypcat was." From: Jerzy Sobczyk <J.Sobczyk () ia pw edu pl> - Compilation of filter (actions.c) fail. Reported by: Arnout Boer <arnoutb () xs4all nl> - Typo mismatch in lib/strftime.c From: Yuval Shamir <yuvals () iil intel com> - [wordwrap.c, bultin editor] "Wordwrap and delete at the beginning of the line does not work in PL31. Fix is below." From: "Zoltan T. Hidvegi" <hzoli () VNET IBM COM> [ I didn't used supplied patch. ] - [builtin editor] There was 'sizeof buffer' instead of 'buffer_size' in get_with_expansion() - Add same fflush -fix to remail.c which is in mailmsg2.c
Current thread:
- Reminder for irix ppl Nafees Bin Zafar (May 14)
- Re: Reminder for irix ppl Mike Neuman (May 15)
- Vulnerability in Elm-ME+ John Goerzen (May 15)
- Re: Vulnerability in Elm-ME+ Kari E. Hurtta (May 17)
- Finally, most of an exploit for Solaris 2.5.1's ps. Joe Zbiciak (May 17)
- Re: Finally, most of an exploit for Solaris 2.5.1's ps. Adam Morrison (May 19)
- Re: Finally, most of an exploit for Solaris 2.5.1's ps. Joe Zbiciak (May 19)
- Interim solution for ps Joe Zbiciak (May 19)
- Re: Interim solution for ps Steven Kirby (May 19)
- The rest of the exploit is here! Solaris 2.5.1 ps! Joe Zbiciak (May 18)