drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in uw-imapd
Name: |
Pufferüberlauf in uw-imapd
|
|
ID: |
200305-12 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Mo, 2. Juni 2003, 13:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
UW IMAP Server |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200305-12 --------------------------------------------------------------------
PACKAGE : uw-imapd SUMMARY : buffer overflow DATE : 2003-06-01 11:54 UTC EXPLOIT : remote VERSIONS AFFECTED : <uw-imapd-2002d FIXED VERSION : >=uw-imapd-2002d CVE :
--------------------------------------------------------------------
- From advisory:
"UW-imapd can also act as IMAP client, allowing user to connect to specified server. It is disabled for anonymous users, but allowed for everyone else (even with closedBox, blackBox or restrictBox enabled). So exploiting it could give you access to the system as the logged in user."
Read the full advisory at: http://marc.theaimsgroup.com/?l=bugtraq&m=105294024124163&w=2
SOLUTION
It is recommended that all Gentoo Linux users who are running net-mail/uw-imapd upgrade to uw-imapd-2002d as follows
emerge sync emerge uw-imapd emerge clean
-------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz prez@gentoo.org -------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE+2elufT7nyhUpoZMRAmlOAKCitC0oKI/kdV6MvKwGUoa5j5K3AwCgvY+8 aMWvvFF6iPRICVvdY7/ipYc= =nEu+ -----END PGP SIGNATURE-----
|
|
|
|