[KLUG Advocacy] Re: Cringley's predictions for 2003

Bruce Smith advocacy@kalamazoolinux.org
03 Jan 2003 10:56:57 -0500


> >Can someone post their procmail filter to eliminate TheBS messages? :-)
> 
> Procmail sucks.  Upgrade to Cyrus and use SIEVE.

There is one advantage of running Stock Redhat UW-IMAP RPM's.
(maybe the only advantage)  :-)

I can just "rpm -Uvh" when IMAP advisories come across:

------------------------------------------------------------------------
http://linux.oreillynet.com/pub/a/linux/2002/12/30/insecurities.html

The Cyrus IMAP Server

The Cyrus IMAP Server, an open source application that provides Internet
Message Access Protocol (IMAP) services, has a buffer overflow that can
be exploited prior to login to execute arbitrary code or to read other
users' email. This buffer overflow is present in versions of Cyrus IMAP
earlier than 2.1.10 and 2.0.16.

It is recommended that affected users upgrade to versions 2.0.17 or
2.1.11 of Cyrus IMAP as soon as possible.

Cyrus SASL library

Buffer overflows found in the Cyrus SASL (Simple Authentication and
Security Layer) library can, under some limited conditions, be exploited
to execute arbitrary code on the system with the permissions of the user
running the linked application.

Affected users should watch their vendor for an update to the Cyrus SASL
library.
------------------------------------------------------------------------

> >Sorry, it's early - blame it on the caffeine  ;->
> 
> Bruce hyper and twithy?  That is hard to imagine.

Donno.  What's "twithy"?

--------------------------------------------
Bruce Smith                bruce@armintl.com
System Administrator / Network Administrator
Armstrong International, Inc.
Three Rivers, Michigan  49093  USA
http://www.armstrong-intl.com/
--------------------------------------------