For the record, all sites running Panda IMAP (imap-2008) have already replaced the vulnerable version of dmail (they did not run tmail). I've updated the panda.com/imap page to reflect that UW now has these fixes in its imap-2007d.
The tmail bug is by far the more serious of the two. Fortunately, as Steve indicates, remote exploitation of the bug is blocked by sendmail. Local exploitation by shell users is possible, and exploit code exists. This is a root-compromise exploit. The dmail problem is not locally exploitable since dmail runs as the user. Whether it is remotely exploitable depends upon how well the calling program (generally procmail) restricts its arguments. This has not been investigated in the name of "fix any security bug whether or not it is exploitable." -- Mark -- http://panda.com/mrc Democracy is two wolves and a sheep deciding what to eat for lunch. Liberty is a well-armed sheep contesting the vote. _________________________________________________________________ You live life beyond your PC. So now Windows goes beyond your PC. http://clk.atdmt.com/MRT/go/115298556/direct/01/_______________________________________________ Imap-uw mailing list [email protected] http://mailman2.u.washington.edu/mailman/listinfo/imap-uw
