IMAP buffer overflow Date: Tuesday, May 28 2002 Topic: Security IMAP buffer overflow. Problem description:   UW imapd version 2000c and older have a buffer overflow that allows a   malicious user to send a malformed request that enables that user to   run commands on the server with that user's UID and GID. This issue   does not gain the attacker root privileges from a normal user login as   the user must have already successfully logged into the imapd service.   This exploit mainly affects email servers where the user has IMAP access   but no shell access. ------------------------------------------------------------------------- Updated packages:   6bd290e533eced8f4c56acb450844f39  imap-2001a-2.src.rpm   4a51e33caf7d64208bc3a33e849bd360  imap-2001a-2.i386.rpm   32423cd94780d2e52cc018f2949fa333  imap-devel-2001a-2.i386.rpm ------------------------------------------------------------------------- References:   http://marc.theaimsgroup.com/?l=bugtraq&m=102107222100529   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0379 ========================================================================= Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/ or by HTTP from http://ftp.eridani.co.uk/ Packages are signed with our GNU GPG key, also on our FTP site. Users of releases of Eridani Linux prior to 6.3 are advised to download   the source RPM and rebuild for their system. Copyright (C)2002 Eridani Star System This article comes from osforge.com http://www.osforge.com The URL for this story is: http://www.osforge.com/news/00781.html