UW imapd remotely exploitable buffer overflow

Package(s): imap
CVE #(s): CAN-2002-0379
Created: June 5, 2002
Updated: December 20, 2002
Description: UW imapd versions 2000c and prior allow remote authenticated users to execute code via a buffer overflow. A malicious user can craft a request to run commands on the server under their UID and GID. (First LWN report: May 23).
Alerts:
SuSE SuSE-SA:2002:048 2002-12-20
Trustix 2002-0054 2002-06-06
EnGarde ESA-20020607-013 2002-06-07
Yellow Dog YDU-20020606-1 2002-06-06
Red Hat RHSA-2002:092-11 2002-05-22
Mandrake MDKSA-2002:034 2002-05-27
Eridani ERISA-2002:018 2002-05-25
Conectiva CLA-2002:487 2002-05-24
SCO Group CSSA-2002-021.0 2002-05-15

imapd overflow: show me the diff!

Posted Jun 14, 2002 11:18 UTC (Fri) by yem (guest, #1138)

Can someone please point me to a source patch to fix this problem?

All I see are vendor updates - the uw-imap homepage shows the latest stable version dated late 2001 and it seems they don't consider a bug exploitable only by authenticated users to be very important.

imapd overflow: show me the diff!

Posted Dec 24, 2002 20:17 UTC (Tue) by barrygould (guest, #4774)

Well, I suppose you could get the source RPMs from Red Hat and diff them yourself.

Barry

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds