IMAP buffer overflow
Problem description:
UW imapd versions 2000c and older contain a buffer overflow. A malicious user can send a malformed request that lets them run commands on the server with their own UID and GID. The attacker must already have logged in to the imapd service successfully, so the flaw does not give a normal user root privileges. It mainly affects email servers where users have IMAP access but no shell access.
-------------------------------------------------------------------------
Updated packages:
6bd290e533eced8f4c56acb450844f39 imap-2001a-2.src.rpm
4a51e33caf7d64208bc3a33e849bd360 imap-2001a-2.i386.rpm
32423cd94780d2e52cc018f2949fa333 imap-devel-2001a-2.i386.rpm
-------------------------------------------------------------------------
References:
http://marc.theaimsgroup.com/?l=bugtraq&m=102107222100529
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0379
=========================================================================
Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/ or by HTTP from http://ftp.eridani.co.uk/
Packages are signed with our GNU GPG key, also on our FTP site.
Users of releases of Eridani Linux prior to 6.3 are advised to download the source RPM and rebuild for their system.
Copyright (C)2002 Eridani Star System
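An added example, not part of the Eridani advisory: a Python check of downloaded packages against the checksums listed under "Updated packages". It assumes the 32-hex-digit values are MD5 digests; a match only shows the download is intact, and authenticity still rests on the GPG signature the advisory mentions.

```python
import hashlib
import re
from pathlib import Path

# Checksum lines copied from the advisory's "Updated packages" list.
# Assumption: the 32-hex-digit values are MD5 digests (the page does not say).
ADVISORY_MANIFEST = """\
6bd290e533eced8f4c56acb450844f39 imap-2001a-2.src.rpm
4a51e33caf7d64208bc3a33e849bd360 imap-2001a-2.i386.rpm
32423cd94780d2e52cc018f2949fa333 imap-devel-2001a-2.i386.rpm
"""

# Bare file names only: an entry containing a path separator is not accepted.
ENTRY = re.compile(r"\b([0-9a-fA-F]{32})\s+([\w.+-]+\.rpm)\b")


def parse_manifest(text):
    """Return {filename: md5hex}; tolerates several entries on one line."""
    return {name: digest.lower() for digest, name in ENTRY.findall(text)}


def md5_of(path, chunk_size=1 << 16):
    """Hash the file in chunks so large RPMs are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_packages(directory, manifest_text=ADVISORY_MANIFEST):
    """Map each listed package to 'ok', 'mismatch' or 'missing'."""
    results = {}
    for name, expected in parse_manifest(manifest_text).items():
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "missing"
        elif md5_of(path) == expected:
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    return results


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for pkg, status in verify_packages(target).items():
        print(f"{status:9} {pkg}")
```

Run it with the download directory as the only argument; any line not reported as `ok` means the package should be fetched again before installing.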