drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in uw-imapd
| Name: |
Pufferüberlauf in uw-imapd
|
|
| ID: |
200305-12 |
|
| Distribution: |
Gentoo |
|
| Plattformen: |
Keine Angabe |
|
| Datum: |
Mo, 2. Juni 2003, 13:00 |
|
| Referenzen: |
Keine Angabe |
|
| Applikationen: |
UW IMAP Server |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200305-12
--------------------------------------------------------------------
PACKAGE : uw-imapd
SUMMARY : buffer overflow
DATE : 2003-06-01 11:54 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <uw-imapd-2002d
FIXED VERSION : >=uw-imapd-2002d
CVE :
--------------------------------------------------------------------
- From advisory:
"UW-imapd can also act as IMAP client, allowing user to connect to
specified
server. It is disabled for anonymous users, but allowed for everyone else
(even with closedBox, blackBox or restrictBox enabled). So exploiting it
could give you access to the system as the logged in user."
Read the full advisory at:
http://marc.theaimsgroup.com/?l=bugtraq&m=105294024124163&w=2
SOLUTION
It is recommended that all Gentoo Linux users who are running
net-mail/uw-imapd upgrade to uw-imapd-2002d as follows
emerge sync
emerge uw-imapd
emerge clean
--------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
prez@gentoo.org
--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE+2elufT7nyhUpoZMRAmlOAKCitC0oKI/kdV6MvKwGUoa5j5K3AwCgvY+8
aMWvvFF6iPRICVvdY7/ipYc=
=nEu+
-----END PGP SIGNATURE-----
|
|
|
|
