Login
Newsletter
Werbung

Sicherheit: Pufferüberlauf in uw-imapd
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in uw-imapd
ID: 200305-12
Distribution: Gentoo
Plattformen: Keine Angabe
Datum: Mo, 2. Juni 2003, 13:00
Referenzen: Keine Angabe
Applikationen: UW IMAP Server

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200305-12
--------------------------------------------------------------------

PACKAGE : uw-imapd
SUMMARY : buffer overflow
DATE : 2003-06-01 11:54 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <uw-imapd-2002d
FIXED VERSION : >=uw-imapd-2002d
CVE :

--------------------------------------------------------------------

- From advisory:

"UW-imapd can also act as IMAP client, allowing user to connect to
specified
server. It is disabled for anonymous users, but allowed for everyone else
(even with closedBox, blackBox or restrictBox enabled). So exploiting it
could give you access to the system as the logged in user."

Read the full advisory at:
http://marc.theaimsgroup.com/?l=bugtraq&m=105294024124163&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/uw-imapd upgrade to uw-imapd-2002d as follows

emerge sync
emerge uw-imapd
emerge clean

--------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
prez@gentoo.org
--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+2elufT7nyhUpoZMRAmlOAKCitC0oKI/kdV6MvKwGUoa5j5K3AwCgvY+8
aMWvvFF6iPRICVvdY7/ipYc=
=nEu+
-----END PGP SIGNATURE-----
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung