Displaying 20 results from an estimated 6000 matches similar to: "sieve security problem"
2006 Nov 28
1
GNU Tar vulnerability
Please, note: http://secunia.com/advisories/23115/
A port maintainer CC'ed.
--
Dixi.
Sem.
2005 Apr 05
1
Secunia / Firefox Javascript "Arbitrary Memory Exposure" test
I just confirmed the following bug on my firefox.
http://secunia.com/advisories/14820/
Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.5) Gecko/20050219 Firefox/1.0
(I think my firefox is a month or two behind, from ports, but the
advisary indicates both 1.0.1 and 1.0.2 are effected.)
FreeBSD localhost 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Fri Nov 5 04:19:18 UTC 2004
2013 Aug 14
1
SA54438
http://secunia.com/advisories/54438/
Since I already got 3 private mails about this, here's the same reply for everyone (actually updated, now that I looked at the code):
This was a v2.2-only bug. And it isn't really a DoS.. It only caused the one pop3 process to crash in assert, which was handling only the connection that had already disconnected. (Unless you were running a
2008 May 28
4
CVE-2008-1105 - Boundary failure when parsing SMB responses
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
==========================================================
==
== Subject: Boundary failure when parsing SMB responses
== can result in a buffer overrun
==
== CVE ID#: CVE-2008-1105
==
== Versions: Samba 3.0.0 - 3.0.29 (inclusive)
==
== Summary: Specifically crafted SMB responses can result
== in a heap overflow
2007 Sep 29
1
security bugs (?)
As a Cygwin rsync package maintainer, the following security fixes have
been brought to my attention:
http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/rsync/files/rsync-2.6.9-stats-fix.patch
http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/rsync/files/rsync-2.6.9-fname-obo.patch
And while they seem "trusted" enough to me (present in many packages
such as Gentoo, FreeBSD
2007 Dec 10
1
[SECURITY] Buffer overrun in send_mailslot()
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
==========================================================
==
== Subject: Boundary failure in GETDC mailslot
== processing can result in a buffer overrun
==
== CVE ID#: CVE-2007-6015
==
== Versions: Samba 3.0.0 - 3.0.27a (inclusive)
==
== Summary: Specifically crafted GETDC mailslot requests
== can trigger a
2007 Oct 08
5
3.1.1 RC4?
Keir,
I noticed that a Shadow patch went into the 3.1.1 staging tree today.
Does this mean that we should expect a 4th release candidate before the
3.1.1 release tag is official?
If so - how much testing time are you going to give that release
candidate before deciding whether a release tag, or another RC round is
appropriate?
Ben Guthro
_______________________________________________
2010 May 19
6
dovecot2 latest beta5 acl not working properly ?
Hi
i tested acls with some clients
horde/imp mulberry thunderbird squirrelmail kmail
and i couldnt get it run proberly
i have no problems testing setacl etc with plain
telnet session, and i have no error in verbose logging
but it looks like acl is only working partly with some clients
so show acls is working mostly but setting only partly
horde/imp and mulberry dont show any acls
any idea?
--
2005 Apr 21
6
Information disclosure?
Hello,
For some reason, I thought little about the "clear" command today..
Let's say a privileged user (root) logs on, edit a sensitive file (e.g,
a file containing a password, running vipw, etc) .. then runs clear and
logout. Then anyone can press the scroll-lock command, scroll back up
and read the sensitive information.. Isn't "clear" ment to clear the
2008 Jul 13
3
folder deletion fails dbox
Hi Timo,
playing a lot with dbox
but folder deletion seems to me broken,
whatever setting i tested i cant delete subfolders
with thunderbird, i first thought about acls
but deactivate acl didnt helped
splitting control an index files from dbox also didnt work,
i cant find any failure message in the logs,
but there is also no entry for delete trys
all debug level are in the highest stage on this
2009 May 17
3
example sql acl_shared_dict wiki
Hi Timo,
wiki says
---------
Shared mailbox listing
.....
You could use any dictionary backend, such as SQL or Berkeley DB, but a
simple flat file should work pretty well too:
plugin {
acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes.db
}
....
--------
could you include an example for having
acl_shared_dict in sql ?
--
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
2004 Dec 27
4
Found security expliot in port phpBB 2.0.8 FreeBSD4.10
I think, there is a neat exploit in the phpbb2.0.8 because I found my home
page defaced one dark morning. The patch for phpBB is here.
http://www.phpbb.com/downloads.php
The excerpt of the log is attached.
I believe the link to the described exploit is here.
http://secunia.com/advisories/13239
The defacement braggen page is here filter to show the exploited FreeBSD
machines that aneurysm.inc
2005 Feb 14
2
SMBLDAP-TOOLS IDEALX vs Samba src
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi @ll,
just a version Question to the gurus,
i found SMBLDAP-TOOLS version 0.7 in the Samba sources
but today there was an upgrade to
smbldap-tools 0.8.7 by IDEALX
will the samba team upgrade SMBLDAP-TOOLS
in the samba sources too?
If not what are the reasons not to do so?
- --
Mit freundlichen Gruessen
Best Regards
Robert Schetterer
2007 Apr 03
2
detailed info about acls with virtual users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi @ll,
i try use acl with imap with dovecot latest
but i dont get trough , is there more info online then written in the wiki ?
i have a setup like
http://wiki.dovecot.org/DovecotLDAPostfixAdminMySQL
but with this acl dont seems to work , and folders arent reported with
acls to i.e thnderbird
- --
Mit freundlichen Gruessen
Best Regards
Robert
2009 Jul 10
2
Relative home directory paths not supported 1.2.1 broke my setup
Hi Timo,guess
this patch break my setup
http://hg.dovecot.org/dovecot-1.2/rev/dd49cf3fd2c9
the log entry does not look very right cause i dont use relative paths
or i missinterpreted somthing here
Jul 10 21:12:29 dovecot: Error: Relative home directory paths not
supported (user robert at schetterer.com):
maildir:/usr/local/virtual/schetterer.com/robert at schetterer.com/
how can i get my old
2008 Sep 24
2
dovecot 1.2.alpha1 quota dict driver mysql broken
Hi Timo,
quota dict seems to be broken with 1.2.alpha1
MAP(robert at schetterer.com): read(/var/run/dovecot/dict-server) failed:
Remote disconnected
dovecot: Sep 24 18:43:16 Error: dict: Error in configuration file
/etc/dovecot/dovecot-dict-quota.conf line 1: Unknown setting: driver
dovecot: Sep 24 18:43:16 Error: dict: Failed to initialize dictionary
'quotadict'
2007 Feb 02
2
broken attachments with pop3
Hi all,
ive just upgrade to rc21 ( so i dont know perhaps this report failure is
fixed with this release )
i have reports from users that attachments get broken ( with rc19, dont
know about before ) with some accounts , which where downloaded via a
pop3 service to a exchange server, but in fact nothing is broken when
looking with imap to the mailboxes
Has anyone an idea, i havent any failure logs
2008 Jun 20
2
acl imap_capability ? 1.1.rc12
Hi all, is acl ( with acl plugin enabled )
anounced in imap_capability list by dovecot
i cant find it in telnet tests, so is it my fault or
is it default beavior using 1.1.rc12
--
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
2009 Aug 14
2
xtreemfs
Hi @ll,
has anybody tried this with dovecot yet ?
http://www.xtreemfs.org/
--
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
2008 Jul 11
2
dovecot 1.1.1 dbox public namespace problem
Hi @ll
i have somthing like
namespace public {
separator = /
prefix = "public/"
location = dbox:/usr/local/virtual/%d/public
inbox = no
list = yes
subscriptions = yes
hidden = no
}
which works nice if i set
location = maildir:/usr/local/virtual/%d/public
%d expansion works right with maildir
but if user mailboxes are on dbox with public namespace
too, dovecot