pjp Administrator
Joined: 16 Apr 2002 Posts: 20499
|
Posted: Sun Jun 01, 2003 4:01 pm Post subject: [gentoo-security] GLSA: uw-imapd (200305-12) |
|
|
Daniel Ahlberg wrote: | - - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200305-12
- - - ---------------------------------------------------------------------
PACKAGE : uw-imapd
SUMMARY : buffer overflow
DATE : 2003-06-01 11:54 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <uw-imapd-2002d
FIXED VERSION : >=uw-imapd-2002d
CVE :
- - - ---------------------------------------------------------------------
- From advisory:
"UW-imapd can also act as IMAP client, allowing user to connect to specified
server. It is disabled for anonymous users, but allowed for everyone else
(even with closedBox, blackBox or restrictBox enabled). So exploiting it
could give you access to the system as the logged in user."
Read the full advisory at:
http://marc.theaimsgroup.com/?l=bugtraq&m=105294024124163&w=2
SOLUTION
It is recommended that all Gentoo Linux users who are running
net-mail/uw-imapd upgrade to uw-imapd-2002d as follows
emerge sync
emerge uw-imapd
emerge clean
- - - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
prez@gentoo.org
- - - --------------------------------------------------------------------- |
Mailing List Archive: Unavailable _________________ Quis separabit? Quo animo? |
|