From 66368ffe6ca571f23a73228dac73e613fc1385be Mon Sep 17 00:00:00 2001 From: Kris Kennaway Date: Sun, 23 Apr 2000 22:06:25 +0000 Subject: Note a local mailbox DoS vulnerability, advisory forthcoming. --- mail/imap-uw/pkg-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mail/imap-uw/pkg-install b/mail/imap-uw/pkg-install index 05200dccd71d..6257ca0fce8f 100644 --- a/mail/imap-uw/pkg-install +++ b/mail/imap-uw/pkg-install @@ -5,7 +5,7 @@ case $2 in POST-INSTALL) ;; PRE-INSTALL) - if dialog --yesno "This port is not safe to use on a system which does not\nprovide shell access to users who can retrieve mail via IMAP.\nimapd contains buffer overflows which a user can exploit\nafter they have logged into imap to get access to their\naccount on the machine. If your imap users have shell access\nanyway, this is not a significant vulnerability.\n\nDo you wish to proceed with the build?" 13 65 < ${TTY} >${TTY} 2>&1; then + if dialog --yesno "This port is not safe to use on a system which does not\nprovide shell access to users who can retrieve mail via IMAP.\nimapd contains buffer overflows which a user can exploit\nafter they have logged into imap to get access to their\naccount on the machine. If your imap users have shell access\nanyway, this is not a significant vulnerability.\n\nThere is also a vulnerability wherein local users can prevent\narbitrary POP2/3 mailboxes from being opened, and force IMAP\nmailboxes to only open read-only.\n\nDo you wish to proceed with the build?" 16 65 < ${TTY} >${TTY} 2>&1; then exit 0 else exit 1 -- cgit v1.2.3