Pufferüberlauf in uw-imap
ID: | MDKSA-2002:034 |
Distribution: | Mandrake |
Plattformen: | Mandrake 7.1, Mandrake 7.2, Mandrake Corporate Server 1.0.1, Mandrake 8.1, Mandrake 8.2 |
Datum: | Fr, 7. Juni 2002, 13:00 |
Referenzen: | Keine Angabe |
Applikationen: | GNU Mailutils |
Originalnachricht |
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ Mandrake Linux Security Update Advisory ________________________________________________________________________ Package name: imap Advisory ID: MDKSA-2002:034 Date: May 27th, 2002 Affected versions: 7.1, 7.2, 8.1, 8.2, Corporate Server 1.0.1 ________________________________________________________________________ Problem Description: A buffer overflow was discovered in the imap server that could allow a malicious user to run code on the server with the uid and gid of the email owner by constructing a malformed request that would trigger the buffer overflow. However, the user must successfully authenticate to the imap service in order to exploit it, which limits the scope of the vulnerability somewhat, unless you are a free mail provider or run a mail service where users do not already have shell access to the system. ________________________________________________________________________ References: http://online.securityfocus.com/archive/1/271958 ________________________________________________________________________ Updated Packages: Linux-Mandrake 7.1: c65c6c70be4cd76d2611f17d9af3a798 7.1/RPMS/imap-2000c-4.9mdk.i586.rpm dc43ec1852fddc2492b24bbaf0e01cc4 7.1/RPMS/imap-devel-2000c-4.9mdk.i586.rpm 2a4197b14d17ab31a8aa0745c60e052e 7.1/SRPMS/imap-2000c-4.9mdk.src.rpm Linux-Mandrake 7.2: 38732ca373f484e5a4bce42eaefbdfe4 7.2/RPMS/imap-2000c-4.8mdk.i586.rpm c46b69fa7cce34a93205db7a88c9e620 7.2/RPMS/imap-devel-2000c-4.8mdk.i586.rpm 381d74cfd1824f7632d4fa468b5a8305 7.2/SRPMS/imap-2000c-4.8mdk.src.rpm Mandrake Linux 8.0: 34da61af1da42335283e8b560e72ec69 8.0/RPMS/imap-2000c-4.7mdk.i586.rpm 9b636fbf72fba4012c955e60781a3047 8.0/RPMS/imap-devel-2000c-4.7mdk.i586.rpm d1af6459ff7640ec72cde68299459828 8.0/SRPMS/imap-2000c-4.7mdk.src.rpm Mandrake Linux 8.0/ppc: 1cd673e699d837f2f5dd4da0014dd396 ppc/8.0/RPMS/imap-2000c-4.7mdk.ppc.rpm 79d2219a885e12c92449cf2bd27956c4 ppc/8.0/RPMS/imap-devel-2000c-4.7mdk.ppc.rpm d1af6459ff7640ec72cde68299459828 ppc/8.0/SRPMS/imap-2000c-4.7mdk.src.rpm Mandrake Linux 8.1: 47671a2da4809d2d7cf5bd637881eb74 8.1/RPMS/imap-2000c-7.1mdk.i586.rpm e9fca108eface6c6845509d2496dd1fb 8.1/RPMS/imap-devel-2000c-7.1mdk.i586.rpm 59712bcf649dc27f54d95fa4bcff38c7 8.1/SRPMS/imap-2000c-7.1mdk.src.rpm Mandrake Linux 8.1/ia64: 7306d3e9febbc79fe996e26689f5d3d8 ia64/8.1/RPMS/imap-2000c-7.1mdk.ia64.rpm 581ba9e939c21a73f7f6945a903d8c50 ia64/8.1/RPMS/imap-devel-2000c-7.1mdk.ia64.rpm 59712bcf649dc27f54d95fa4bcff38c7 ia64/8.1/SRPMS/imap-2000c-7.1mdk.src.rpm Mandrake Linux 8.2: 6f76f364c6c5c9ba37a200bfec94021c 8.2/RPMS/imap-2001a-5.1mdk.i586.rpm 43729a72c87d22c1b711f89c767be6f3 8.2/RPMS/imap-devel-2001a-5.1mdk.i586.rpm ff5a17dd361ff95911f76cb9fe656f6f 8.2/SRPMS/imap-2001a-5.1mdk.src.rpm Mandrake Linux 8.2/ppc: 354f1dcc7493c194281f20a4bc693013 ppc/8.2/RPMS/imap-2001a-5.1mdk.ppc.rpm d688b6748fec7f9a844ab3f643b01efc ppc/8.2/RPMS/imap-devel-2001a-5.1mdk.ppc.rpm ff5a17dd361ff95911f76cb9fe656f6f ppc/8.2/SRPMS/imap-2001a-5.1mdk.src.rpm Corporate Server 1.0.1: c65c6c70be4cd76d2611f17d9af3a798 1.0.1/RPMS/imap-2000c-4.9mdk.i586.rpm dc43ec1852fddc2492b24bbaf0e01cc4 1.0.1/RPMS/imap-devel-2000c-4.9mdk.i586.rpm 2a4197b14d17ab31a8aa0745c60e052e 1.0.1/SRPMS/imap-2000c-4.9mdk.src.rpm ________________________________________________________________________ Bug IDs fixed (see https://qa.mandrakesoft.com for more information): ________________________________________________________________________ To upgrade automatically, use MandrakeUpdate. The verification of md5 checksums and GPG signatures is performed automatically for you. If you want to upgrade manually, download the updated package from one of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of FTP mirrors can be obtained from: http://www.mandrakesecure.net/en/ftp.php Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command: rpm --checksig |