Displaying 20 results from an estimated 10000 matches similar to: "Security hole #2: Off-by-one buffer overflow with mmap_disable=yes"
2014 Oct 15
0
mmap_disable=yes not honored always
Hi all, I'm experimenting with having the mail store on a 9p file system that lacks mmap() functionality. So I disabled it in dovecot: mmap_disable = yes However, I keep getting the following error messages in my log: Oct 15 16:55:00 computer-name dovecot: imap user at domain.com[192.168.1.3] Error: mmap() failed with file
2006 Nov 19
0
1.0.rc15 released
http://dovecot.org/releases/dovecot-1.0.rc15.tar.gz
http://dovecot.org/releases/dovecot-1.0.rc15.tar.gz.sig
* Fixed an off-by-one buffer overflow in cache file handling. The
code is executed only with mmap_disable=yes and only if index files
are used (ie. INDEX=MEMORY is safe).
* passdb checkpassword: Handle vpopmail's non-standard exit codes.
- rc14 sometimes assert-crashed if
2006 Nov 19
0
1.0.rc15 released
http://dovecot.org/releases/dovecot-1.0.rc15.tar.gz
http://dovecot.org/releases/dovecot-1.0.rc15.tar.gz.sig
* Fixed an off-by-one buffer overflow in cache file handling. The
code is executed only with mmap_disable=yes and only if index files
are used (ie. INDEX=MEMORY is safe).
* passdb checkpassword: Handle vpopmail's non-standard exit codes.
- rc14 sometimes assert-crashed if
2011 Dec 12
1
Documentation clarifiction on mmap_disable
Greetings,
On http://wiki.dovecot.org/MainConfig I read:
"mmap_disable = no
Don't use mmap() at all. This is required if you store indexes to
shared filesystems (NFS or clustered filesystem). "
Does that mean:
1. mmap is required when using NFS or
2. it is required to don't use mmap at all when using NFS?
Sorry if this is obvious. Best regards.
--
*Marcio Merlone*
2006 Nov 19
1
Dovecot (unofficial) patches
Dear list,
As a recent dovecot addict, I'm a bit puzzled by the sheer amount of
patches available. I have not seen the history of these patches and I
could not find a README explainng the patches. Are all these personal
wishes/nice to have things or are they (to be) incorporated in
dovecot-final?
I use rpmbuild to create new rpms from the latest tarball but in that
process still several
2006 Nov 16
1
I/O leak
I upgraded from rc12 to rc14 last night... sifting through the logs I noticed
the following. I point this out since it appears dovecot is in high gear
bug-fix mode. This issue is not big for me; I rarely stop dovecot. My init.d
script for dovecot is basically
stop)
killall dovecot imap-login
I am guessing there might be a more graceful way to stop dovecot? Or rc14
fixed this? I see in
2006 Nov 12
2
1.0.rc14 released
http://dovecot.org/releases/dovecot-1.0.rc14.tar.gz
http://dovecot.org/releases/dovecot-1.0.rc14.tar.gz.sig
More fixes.
"Duplicate header extension keywords" is the only known problem (or if I
forgot something, remind me). I'll try to figure out a way to reproduce
it easily and then get it fixed.
* LDAP: Don't try to use ldap_bind() with empty passwords, since
Windows 2003
2006 Nov 12
2
1.0.rc14 released
http://dovecot.org/releases/dovecot-1.0.rc14.tar.gz
http://dovecot.org/releases/dovecot-1.0.rc14.tar.gz.sig
More fixes.
"Duplicate header extension keywords" is the only known problem (or if I
forgot something, remind me). I'll try to figure out a way to reproduce
it easily and then get it fixed.
* LDAP: Don't try to use ldap_bind() with empty passwords, since
Windows 2003
2006 Nov 20
2
rc14 and rc15 performance issues
Hi,
I am stuck at rc13 because rc14 and rc15 have both failed to keep
up with imap connections on my (slow old) system. I have the problem
where if a lot of people check their email at once (like at the
top of the hour) then my load goes way up and things slow to a
crawl. My setup: Solaris 10 on an E220R, mbox format, imap and imaps
only. I also use "login_process_per_connection =
1997 Feb 14
0
Linux NLSPATH buffer overflow (fwd)
[Mod: Forwarded from bugtraq -- alex]
Hi!
I''m sorry if the information I''m going to tell about was already known, but
I hope it wasn''t...
I just occasionally found a vulnerability in Linux libc (actually, some of
the versions seem not to be vulnerable; my Slackware 3.1 box was though).
Unfortunately, I have no time for a real investigation right now, but
2007 Dec 24
0
is there a known exploit of Samba "reply_netbios_packet()" Buffer Overflow Vulnerability please ?
Hi,
We're running samba 3.0.25a as a PDC on FreeBSD 6.1 in our office and
few weeks ago, our samba PDC (and soon all the service hosted on this
server) stop responding suddenly :-/
Everything went back to normal as soon as we disconnected from the
network, all the hosts that were in the same room as the 10.0.0.20
host (after asking the domain user connected at that moment to this
host, do
2013 Feb 06
1
Trouble when set mail_nfs_index = yes
Hi Buddies,
dovecot-sql.conf
driver = mysql
connect = host=127.0.0.1 dbname=postfix user=postfix password=secret
default_pass_scheme = plain
password_query = SELECT username as user, password \
FROM mailbox WHERE username = '%u' AND active = 1
user_query = SELECT concat("/var/vmail/", maildir) as home, 125 as uid, 125
as gid FROM mailbox WHERE username = '%u'
2006 Nov 17
3
TLS timeout with Thunderbird
I'm trying to get dovecot working with various clients on my new
mailserver. I installed the base rc2 that comes with OpenBSD 4.0,
then upgraded to rc14 when I ran into problems with TLS and
Thunderbird. The server has no problems with Mail.app on my laptop,
but any connection attempts from Thunderbird timeout after the TCP
handshake.
13:53:41.074438 66.x.x.2.50483 >
2003 Apr 07
0
Fwd: [VulnWatch] [DDI-1013] Buffer Overflow in Samba allows remote root compromise
FYI
>Mailing-List: contact vulnwatch-help@vulnwatch.org; run by ezmlm
>List-Post: <mailto:vulnwatch@vulnwatch.org>
>List-Help: <mailto:vulnwatch-help@vulnwatch.org>
>List-Unsubscribe: <mailto:vulnwatch-unsubscribe@vulnwatch.org>
>List-Subscribe: <mailto:vulnwatch-subscribe@vulnwatch.org>
>Delivered-To: mailing list vulnwatch@vulnwatch.org
1999 Sep 04
0
buffer overflow in proftpd-1.2.0pre4, supposed to be ''safe''
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
Send mail to mime@docserver.cac.washington.edu for more info.
---1463810815-1223308169-936489982=:15281
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Content-ID: <Pine.LNX.4.10.9909050208003.15329@prof.fr.nessus.org>
Hello,
ProFTPd, a FTP
2002 Apr 20
0
Buffer overflow in OpenSSH 2.2.0-3.1.0
Hi!
I just saw this on bugtraq. Does someone have more details about this?
Subject: OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable
buffer overflow
From: Marcell Fodor <m.fodor at mail.datanet.hu>
Date: 19 Apr 2002 22:42:51 -0000 (Sat 01:42 EEST)
To: bugtraq at securityfocus.com
effect:
local root
vulnerable services:
-pass Kerberos IV TGT
-pass AFS Token
bug
2013 May 17
0
Xen Security Advisory 56 (CVE-2013-2072) - Buffer overflow in xencontrol Python bindings affecting xend
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Xen Security Advisory CVE-2013-2072 / XSA-56
version 2
Buffer overflow in xencontrol Python bindings affecting xend
UPDATES IN VERSION 2
====================
Public release.
ISSUE DESCRIPTION
=================
The Python bindings for the xc_vcpu_setaffinity call do not properly
check their inputs. Systems
1999 Sep 13
0
[RHSA-1999:037-01] Buffer overflow in mars_nwe
---------------------------------------------------------------------
Red Hat, Inc. Security Advisory
Synopsis: Buffer overflow in mars_nwe
Advisory ID: RHSA-1999:037-01
Issue date: 1999-09-13
Updated on:
Keywords: mars_nwe buffer
Cross references:
---------------------------------------------------------------------
1. Topic:
There are several buffer overruns in the mars_nwe
1996 Dec 23
2
Buffer overflow in Linux''s login program [Forwarded e-mail from Joe Zbiciak]
------- start of forwarded message (RFC 934 encapsulation) -------
From: Joe Zbiciak <im14u2c@cegt201.bradley.edu>
Approved: alex@bach.cis.temple.edu
Sender: Bugtraq List <BUGTRAQ@netspace.org>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
Subject: Buffer overflow in Linux''s login program
Date: Sun, 22 Dec 1996 09:27:24 -0600
Reply-To: Joe Zbiciak
2007 Dec 05
2
exim/kmail vs. dovecot
I am using exim via dovecot_deliver to store messages in Maildir in my $HOME.
I am using kmail to retrieve stuff. Unfortunately, something in my data
crashes dovecot.
I was using 1.0.rc14 from opensuse, but downloaded and installed 1.0.8 from
the site.
Here is the crash:
Dec 5 18:05:09 h743107 dovecot: IMAP(kris): file mail-index-transaction.c:
line 629 (mail_index_update_flags_range):