Patch-ID# 105346-12 Keywords: security mail sims memory leak C2 Synopsis: Solstice Internet Mail Server 2.0: Misc. fixes Date: Mar/22/00 Solaris Release: 2.4 2.5 2.5.1 2.6 SunOS Release: 5.4 5.5 5.5.1 5.6 Unbundled Product: Solstice Internet Mail Server (SIMS) Unbundled Release: 2.0 Xref: This patch available for i386 as patch 105347 Relevant Architectures: sparc BugId's fixed with this patch: 4027023 4032699 4032702 4036747 4041967 4043793 4047271 4064402 4065149 4085341 4087431 4089078 4090888 4097314 4113147 4116907 4116910 4152325 4154314 4158523 4167246 4178343 4181381 4191853 4200859 4271621 4282031 4309582 Changes incorporated in this version: 4309582 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: 105526-01 Patches required with this patch: Obsoleted by: Files included with this patch: /opt/SUNWimap/lib/imapd /opt/SUNWipop/lib/ipop3d Problem Description: 4309582 popserver locking code overhead hurts performance (from 105346-11) 4282031 dtmail doesn't show attachments. 4271621 SIMS20 imapd dumps core. (from 105346-10) 4200859 Delete open mailbox causes SEGFaults to the server. 4191853 server crashes on null-body msg. 4181381 mailboxes locked by wrong uid. 4113147 STATUS mbox (uidnext) returns wrong answer if mbox is not selected first. 4064402 SUNWipop install fails if inetd.conf already had entries regarding pop3. (from 105346-09) 4178343 LSUB doesn't return correct information. 4154314 pop3 server timeout is too long. (from 105346-08) 4041967 protocol violation in the POP3 UIDL command. (from 105346-07) 4167246 Multi-line commands not handled properly in -04 and later patches. 4158523 Security Bug: CERT* Advisory CA-98.09 - Through a buffer overflow, it is possible to get privledged access. 4152325 Very large messages caused core dumps. 4032699 imapd APPEND results in 1-byte write to the server. (from 105346-06) 4116907 Spurious error message during a FETCH 4116910 Improper parsing of "" with "\" characters (from 105346-05) 4097314 After installing patch 105346-04 imapd coredumps on literals. (from 105346-04) 4090888 popserver sends Status: header with no value to pop client 4089078 imapd waits for new client data before sending data (from 105346-03) 4085341 memory leak occurs in solaris_abort. 4065149 Neither imapd nor ipop3d worked at all in a C2 secure environment. 4027023 Fixed a 12 byte per command memory leak. (from 105346-02) Bugs 4027023 and 4085341 were prematurely incorporated. (from 105346-01) 4087431 V3 translation problem. us-ascii was translated as x-sun-us-ascii Now, us-ascii ==> us-ascii. 4047271 Allow command line option for syslog logging of login and logout events in both imapd and ipop3d. (See Special Instructions, below.) 4043793 Security Bug: CERT* Advisory CA-97.09: Fixed obscure Security problem with LONG usernames. 4036747 Added support for SIGTERM. 4032702 short cut for LIST "" INBOX Patch Installation Instructions: -------------------------------- Refer to the Install.info file for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below as special instructions. Special Instructions: --------------------- This patch contains a fix that will disable syslog logging feature for imapd or ipop3d. By default, no login or logout messages will be written to the syslog file. If you wish to have these messages being logged, you will need to turn on the logging switch by adding a "-l" option in file /etc/inetd.conf. For instance, change line below from: "imap stream tcp nowait root /opt/SUNWimap/lib/imapd imapd" to: "imap stream tcp nowait root /opt/SUNWimap/lib/imapd imapd -l". This will enable the logging feature for all imapd daemons that will be run on your server. Vice versa, remove the option if you wish to disable it again.