From: Eridani Star System <linux@eridani.co.uk>
To: eridani-announce@eridani.co.uk
Subject: [Eridani-Announce] ERISA-2002:018 - imap
Date: Sat, 25 May 2002 22:09:29 +0100 (BST)
=========================================================================
ERIDANI LINUX - SECURITY ANNOUNCEMENT
=========================================================================
Package: imap
Summary: buffer overflow allowing augmented access to server
Date: 2002-05-25
ID: ERISA-2002:018
=========================================================================
Problem description:
UW imapd versions 2000c and older have a buffer overflow that allows a
malicious user to send a malformed request that enables that user to
run commands on the server with that user's UID and GID. This issue
does not gain the attacker root privileges from a normal user login as
the user must have already successfully logged into the imapd service.
This exploit mainly affects email servers where the user has IMAP access
but no shell access.
-------------------------------------------------------------------------
Updated packages:
6bd290e533eced8f4c56acb450844f39 imap-2001a-2.src.rpm
4a51e33caf7d64208bc3a33e849bd360 imap-2001a-2.i386.rpm
32423cd94780d2e52cc018f2949fa333 imap-devel-2001a-2.i386.rpm
-------------------------------------------------------------------------
References:
http://marc.theaimsgroup.com/?l=bugtraq&m=102107222100529
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0379
=========================================================================
Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/
or by HTTP from http://ftp.eridani.co.uk/
Packages are signed with our GNU GPG key, also on our FTP site.
Users of releases of Eridani Linux prior to 6.3 are advised to download
the source RPM and rebuild for their system.
Copyright (C)2002 Eridani Star System
-- Michael "Soruk" McConnell http://www.eridani.co.uk
Eridani Linux -- The Most Up-to-Date Red Hat-based Linux CDROMs Available
Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more...
_______________________________________________
Eridani-Announce mailing list
To be removed from this list email linux@eridani.co.uk requesting removal.