Bugtraq mailing list archives
Re: Vulnerability in Elm-ME+
From: Kari.Hurtta () ozone FMI FI (Kari E. Hurtta)
Date: Sat, 17 May 1997 22:16:03 +0300
John Goerzen:
Hello, I have confirmed that the recently-reported vulnerability in Elm is also present in Elm-ME+ and thus also in Debian GNU/Linux version 1.2, prerelease version 1.3, and development tree "unstable".
OK. I made fix to Elm 2.4ME+ PL32 (25)
Posted to alt.sources and comp.mail.elm with
Message-ID: <elm2.4ME+/PL32/1 () ozone FMI FI>
Archive-name: elm2.4ME+/PL32
Available on ftp.ozone.FMI.FI
via anonymous ftp
directory KEH/
files elm-2.4ME+32.tar.gz
and elm-2.4ME+PL32.patch.gz
Also available with
<URL: http://www.ozone.FMI.FI/KEH/elm-2.4ME+32.tar.gz >
and <URL: http://www.ozone.FMI.FI/KEH/elm-2.4ME+PL32.patch.gz >
via WWW.
/ Kari Hurtta
--------------------------------------------------------------
Version Elm2.4ME+ PL0 (25) is based to version Elm2.4 PL24 ME8b+.
Version Elm2.4 PL24 ME8b+ is based to version Elm2.4 PL24 ME8b.
Version Elm2.4 PL24 ME8b is done by Michael Elkins <elkins.aero.org>.
For details, look file ANNOUNCE.ME
[ Equivalent of MIME code in Elm2.4 PL24 ME8b is posted to
Elm Development Cordinator ]
Version Elm2.4 PL24 ME8b is based to version Elm2.4 PL24.
Version Elm2.4ME+ PLx (25) includes patch of version Elm2.4 PL25.
Changes of Elm2.4ME+ PL32 (25) compared to Elm2.4ME+ PL31 (25)
---------------------------------------------------------------
- Incorrect Content-length: -header was causing corruption
of folders.
From: Guy Harris <guy () netapp com>
- argv_from_to was not handled ',' in comments correctly.
Detected from report of Gary Casterline
<casterln () nature Berkeley EDU>
> Use rfc822_toklen instead of len_next_part
- SECURITY: strcpy -> strfcpy changes of Elm2.4ME+ PL29 (25)
was not done for curses.c in this source tree.
Bug report on List <BUGTRAQ () NETSPACE ORG>.
From: John Goerzen <jgoerzen () happy cs twsu edu>
- Some changes on curses.c (bl -- bell)
- Change output of option -v
- "If you use 'answer -u', then every user name is truncated to
three letters." ... "Change line 232 to: " ...
From: Jean-Pierre Radley <jpr () jpr com>
[ Suggested fix was incorrect. ]
- "Configure always has had a problem on Linux systems,
extracting names in a usuable format (from /usr/lib/libc.so).
The following small change fixes this."
From: Bauke Jan Douma <bjdouma () xs4all nl>
- "In Solaris enviroment NIS+ is now used instead of Yellow
Pages so I have modified Configure to reflect this and
allow to use niscat in the same fashion as ypcat was."
From: Jerzy Sobczyk <J.Sobczyk () ia pw edu pl>
- Compilation of filter (actions.c) fail.
Reported by: Arnout Boer <arnoutb () xs4all nl>
- Typo mismatch in lib/strftime.c
From: Yuval Shamir <yuvals () iil intel com>
- [wordwrap.c, bultin editor]
"Wordwrap and delete at the
beginning of the line does not work in PL31. Fix is below."
From: "Zoltan T. Hidvegi" <hzoli () VNET IBM COM>
[ I didn't used supplied patch. ]
- [builtin editor] There was 'sizeof buffer' instead of
'buffer_size' in get_with_expansion()
- Add same fflush -fix to remail.c which is in mailmsg2.c
Current thread:
- Reminder for irix ppl Nafees Bin Zafar (May 14)
- Re: Reminder for irix ppl Mike Neuman (May 15)
- Vulnerability in Elm-ME+ John Goerzen (May 15)
- Re: Vulnerability in Elm-ME+ Kari E. Hurtta (May 17)
- Finally, most of an exploit for Solaris 2.5.1's ps. Joe Zbiciak (May 17)
- Re: Finally, most of an exploit for Solaris 2.5.1's ps. Adam Morrison (May 19)
- Re: Finally, most of an exploit for Solaris 2.5.1's ps. Joe Zbiciak (May 19)
- Interim solution for ps Joe Zbiciak (May 19)
- Re: Interim solution for ps Steven Kirby (May 19)
- The rest of the exploit is here! Solaris 2.5.1 ps! Joe Zbiciak (May 18)