From:	 Eridani Star System <linux@eridani.co.uk>
To:	 eridani-announce@eridani.co.uk
Subject: [Eridani-Announce] ERISA-2002:018 - imap
Date:	 Sat, 25 May 2002 22:09:29 +0100 (BST)

=========================================================================
		ERIDANI LINUX - SECURITY ANNOUNCEMENT
=========================================================================

Package:	imap
Summary:	buffer overflow allowing augmented access to server
Date:		2002-05-25
ID:		ERISA-2002:018

=========================================================================

Problem description:

  UW imapd versions 2000c and older have a buffer overflow that allows a
  malicious user to send a malformed request that enables that user to
  run commands on the server with that user's UID and GID. This issue
  does not gain the attacker root privileges from a normal user login as
  the user must have already successfully logged into the imapd service.
  This exploit mainly affects email servers where the user has IMAP access
  but no shell access.

-------------------------------------------------------------------------
Updated packages:

  6bd290e533eced8f4c56acb450844f39  imap-2001a-2.src.rpm

  4a51e33caf7d64208bc3a33e849bd360  imap-2001a-2.i386.rpm
  32423cd94780d2e52cc018f2949fa333  imap-devel-2001a-2.i386.rpm

-------------------------------------------------------------------------
References:

  http://marc.theaimsgroup.com/?l=bugtraq&m=102107222100529
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0379

=========================================================================

Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/
or by HTTP from http://ftp.eridani.co.uk/

Packages are signed with our GNU GPG key, also on our FTP site.

Users of releases of Eridani Linux prior to 6.3 are advised to download   
the source RPM and rebuild for their system.

Copyright (C)2002 Eridani Star System

-- Michael "Soruk" McConnell                       http://www.eridani.co.uk
Eridani Linux  --  The Most Up-to-Date Red Hat-based Linux CDROMs Available
Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more...
