similar to: Security hole #2: Off-by-one buffer overflow with mmap_disable=yes

2014 Oct 15
0
mmap_disable=yes not honored always
Hi all, I'm experimenting with having the mail store on a 9p file system that lacks mmap() functionality. So I disabled it in dovecot: mmap_disable = yes However, I keep getting the following error messages in my log: Oct 15 16:55:00 computer-name dovecot: imap user at domain.com[192.168.1.3] Error: mmap() failed with file
2006 Nov 19
0
1.0.rc15 released
http://dovecot.org/releases/dovecot-1.0.rc15.tar.gz http://dovecot.org/releases/dovecot-1.0.rc15.tar.gz.sig * Fixed an off-by-one buffer overflow in cache file handling. The code is executed only with mmap_disable=yes and only if index files are used (ie. INDEX=MEMORY is safe). * passdb checkpassword: Handle vpopmail's non-standard exit codes. - rc14 sometimes assert-crashed if
2011 Dec 12
1
Documentation clarification on mmap_disable
Greetings, On http://wiki.dovecot.org/MainConfig I read: "mmap_disable = no Don't use mmap() at all. This is required if you store indexes to shared filesystems (NFS or clustered filesystem). " Does that mean: 1. mmap is required when using NFS or 2. it is required to don't use mmap at all when using NFS? Sorry if this is obvious. Best regards. -- *Marcio Merlone*
2006 Nov 19
1
Dovecot (unofficial) patches
Dear list, As a recent dovecot addict, I'm a bit puzzled by the sheer amount of patches available. I have not seen the history of these patches and I could not find a README explaining the patches. Are all these personal wishes/nice to have things or are they (to be) incorporated in dovecot-final? I use rpmbuild to create new rpms from the latest tarball but in that process still several
2006 Nov 16
1
I/O leak
I upgraded from rc12 to rc14 last night... sifting through the logs I noticed the following. I point this out since it appears dovecot is in high gear bug-fix mode. This issue is not big for me; I rarely stop dovecot. My init.d script for dovecot is basically stop) killall dovecot imap-login I am guessing there might be a more graceful way to stop dovecot? Or rc14 fixed this? I see in
2006 Nov 12
2
1.0.rc14 released
http://dovecot.org/releases/dovecot-1.0.rc14.tar.gz http://dovecot.org/releases/dovecot-1.0.rc14.tar.gz.sig More fixes. "Duplicate header extension keywords" is the only known problem (or if I forgot something, remind me). I'll try to figure out a way to reproduce it easily and then get it fixed. * LDAP: Don't try to use ldap_bind() with empty passwords, since Windows 2003
2006 Nov 20
2
rc14 and rc15 performance issues
Hi, I am stuck at rc13 because rc14 and rc15 have both failed to keep up with imap connections on my (slow old) system. I have the problem where if a lot of people check their email at once (like at the top of the hour) then my load goes way up and things slow to a crawl. My setup: Solaris 10 on an E220R, mbox format, imap and imaps only. I also use "login_process_per_connection =
1997 Feb 14
0
Linux NLSPATH buffer overflow (fwd)
[Mod: Forwarded from bugtraq -- alex] Hi! I'm sorry if the information I'm going to tell about was already known, but I hope it wasn't... I just occasionally found a vulnerability in Linux libc (actually, some of the versions seem not to be vulnerable; my Slackware 3.1 box was though). Unfortunately, I have no time for a real investigation right now, but
2007 Dec 24
0
is there a known exploit of Samba "reply_netbios_packet()" Buffer Overflow Vulnerability please ?
Hi, We're running samba 3.0.25a as a PDC on FreeBSD 6.1 in our office and few weeks ago, our samba PDC (and soon all the service hosted on this server) stop responding suddenly :-/ Everything went back to normal as soon as we disconnected from the network, all the hosts that were in the same room as the 10.0.0.20 host (after asking the domain user connected at that moment to this host, do
2013 Feb 06
1
Trouble when set mail_nfs_index = yes
Hi Buddies, dovecot-sql.conf driver = mysql connect = host=127.0.0.1 dbname=postfix user=postfix password=secret default_pass_scheme = plain password_query = SELECT username as user, password \ FROM mailbox WHERE username = '%u' AND active = 1 user_query = SELECT concat("/var/vmail/", maildir) as home, 125 as uid, 125 as gid FROM mailbox WHERE username = '%u'
2006 Nov 17
3
TLS timeout with Thunderbird
I'm trying to get dovecot working with various clients on my new mailserver. I installed the base rc2 that comes with OpenBSD 4.0, then upgraded to rc14 when I ran into problems with TLS and Thunderbird. The server has no problems with Mail.app on my laptop, but any connection attempts from Thunderbird timeout after the TCP handshake. 13:53:41.074438 66.x.x.2.50483 >
2003 Apr 07
0
Fwd: [VulnWatch] [DDI-1013] Buffer Overflow in Samba allows remote root compromise
FYI >Mailing-List: contact vulnwatch-help@vulnwatch.org; run by ezmlm >List-Post: <mailto:vulnwatch@vulnwatch.org> >List-Help: <mailto:vulnwatch-help@vulnwatch.org> >List-Unsubscribe: <mailto:vulnwatch-unsubscribe@vulnwatch.org> >List-Subscribe: <mailto:vulnwatch-subscribe@vulnwatch.org> >Delivered-To: mailing list vulnwatch@vulnwatch.org
1999 Sep 04
0
buffer overflow in proftpd-1.2.0pre4, supposed to be 'safe'
This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mime@docserver.cac.washington.edu for more info. ---1463810815-1223308169-936489982=:15281 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII Content-ID: <Pine.LNX.4.10.9909050208003.15329@prof.fr.nessus.org> Hello, ProFTPd, a FTP
2002 Apr 20
0
Buffer overflow in OpenSSH 2.2.0-3.1.0
Hi! I just saw this on bugtraq. Does someone have more details about this? Subject: OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow From: Marcell Fodor <m.fodor at mail.datanet.hu> Date: 19 Apr 2002 22:42:51 -0000 (Sat 01:42 EEST) To: bugtraq at securityfocus.com effect: local root vulnerable services: -pass Kerberos IV TGT -pass AFS Token bug
2013 May 17
0
Xen Security Advisory 56 (CVE-2013-2072) - Buffer overflow in xencontrol Python bindings affecting xend
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-2072 / XSA-56 version 2 Buffer overflow in xencontrol Python bindings affecting xend UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The Python bindings for the xc_vcpu_setaffinity call do not properly check their inputs. Systems
1999 Sep 13
0
[RHSA-1999:037-01] Buffer overflow in mars_nwe
--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Buffer overflow in mars_nwe Advisory ID: RHSA-1999:037-01 Issue date: 1999-09-13 Updated on: Keywords: mars_nwe buffer Cross references: --------------------------------------------------------------------- 1. Topic: There are several buffer overruns in the mars_nwe
1996 Dec 23
2
Buffer overflow in Linux's login program [Forwarded e-mail from Joe Zbiciak]
------- start of forwarded message (RFC 934 encapsulation) ------- From: Joe Zbiciak <im14u2c@cegt201.bradley.edu> Approved: alex@bach.cis.temple.edu Sender: Bugtraq List <BUGTRAQ@netspace.org> To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org> Subject: Buffer overflow in Linux's login program Date: Sun, 22 Dec 1996 09:27:24 -0600 Reply-To: Joe Zbiciak
2007 Dec 05
2
exim/kmail vs. dovecot
I am using exim via dovecot_deliver to store messages in Maildir in my $HOME. I am using kmail to retrieve stuff. Unfortunately, something in my data crashes dovecot. I was using 1.0.rc14 from opensuse, but downloaded and installed 1.0.8 from the site. Here is the crash: Dec 5 18:05:09 h743107 dovecot: IMAP(kris): file mail-index-transaction.c: line 629 (mail_index_update_flags_range):