-----BEGIN PGP SIGNED MESSAGE-----

We have received reports that the version of the imap suite
in Debian GNU/Linux 2.1 has a vulnerability in its POP-2 daemon,
which can be found in the ipopd package. Using this vulnerability
it is possible for remote users to get a shell as user "nobody"
on the server.

We recommend you upgrade your ipopd package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.1 alias slink
- --------------------------------

  This version of Debian was released only for Intel, the Motorola
  680x0, the alpha and the Sun sparc architecture.

  Source archives:
     
-0slink2.diff.gz
      MD5 checksum: 606f893869069eee68f4c1e31392af29
     -
0slink2.dsc
      MD5 checksum: 93ed80a3619586ff9f3246003aca2448
     
      MD5 checksum: 59afe4be5fcd17c20d241633a4a3d0ac
  
  Sun Sparc architecture:
     
sparc/c-client-dev_4.5-0slink2_sparc.deb
      MD5 checksum: 2de5363a3ea9f27c1aa064c3102567cc
     
sparc/imap_4.5-0slink2_sparc.deb
      MD5 checksum: 87638b6ad06094f30ff6d2dddfd10b8b
     
sparc/ipopd_4.5-0slink2_sparc.deb
      MD5 checksum: aa6621e2f7e2df751489c397e9e169a8
  
  Intel ia32 architecture:
     i386/c-
client-dev_4.5-0slink2_i386.deb
      MD5 checksum: fd92656c7281a4d8322b6da1285475cd
     
i386/imap_4.5-0slink2_i386.deb
      MD5 checksum: c92eaece7e431c84708909362afad07d
     
i386/ipopd_4.5-0slink2_i386.deb
      MD5 checksum: 29685847b0eef8307383a428b1d02be2
  
  Motorola 680x0 architecture:
     m68k/c-
client-dev_4.5-0slink2_m68k.deb
      MD5 checksum: eeab449299e9f2d3fc97db69110b4432
     
m68k/imap_4.5-0slink2_m68k.deb
      MD5 checksum: 4bd0fbaa392b6013f6caa33b04578764
     
m68k/ipopd_4.5-0slink2_m68k.deb
      MD5 checksum: d43f502971afc531923903f3ac7b5b3f
  
  Alpha architecture:
     
alpha/c-client-dev_4.5-0slink2_alpha.deb
      MD5 checksum: 6732ae9495ee29590ed85cc482fbda97
     
alpha/imap_4.5-0slink2_alpha.deb
      MD5 checksum: d0ee05b972d5d1bc1d066e2bae4d8c8b
     
alpha/ipopd_4.5-0slink2_alpha.deb
      MD5 checksum: 89c3931092537d0eb23fb50fa57f1bb0


  These files will be copied into
    soon.

Please note you can also use apt to always get the latest security
updates. To do so add the following line to /etc/apt/sources.list:

  deb debian 
stable updates


- -- 
Debian GNU/Linux      .    Security Managers     .   security@debian.org
              debian-security-announce@lists.debian.org
  Christian Hudon     .     Wichert Akkerman     .     Martin Schulze
   .     .   


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBN1sKgajZR/ntlUftAQGqlgL/d+dzjkxSf0bVDuFmWmeMgH9UxhpJXAwV
0EAtFEY7oRyNpiRLHojnJ48sPviIetVsojHsz9w4uh787skIUJYdFTJN+/O+kxLq
TeF2k+ESbtLJav5QCnVrR7CfiIhYMLgx
=Z3ew
-----END PGP SIGNATURE-----

New version if ipopd prevents exploit

December 13, 1999
We have received reports that the version of the imap suite in Debian GNU/Linux 2.1 has a vulnerability in its POP-2 daemon, which can be found in the ipopd package

Summary

We recommend you upgrade your ipopd package immediately.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

Debian GNU/Linux 2.1 alias slink

This version of Debian was released only for Intel, the Motorola
680x0, the alpha and the Sun sparc architecture.

Source archives:

-0slink2.diff.gz
MD5 checksum: 606f893869069eee68f4c1e31392af29
-
0slink2.dsc
MD5 checksum: 93ed80a3619586ff9f3246003aca2448

MD5 checksum: 59afe4be5fcd17c20d241633a4a3d0ac

Sun Sparc architecture:

sparc/c-client-dev_4.5-0slink2_sparc.deb
MD5 checksum: 2de5363a3ea9f27c1aa064c3102567cc

sparc/imap_4.5-0slink2_sparc.deb
MD5 checksum: 87638b6ad06094f30ff6d2dddfd10b8b

sparc/ipopd_4.5-0slink2_sparc.deb
MD5 checksum: aa6621e2f7e2df751489c397e9e169a8

Intel ia32 architecture:
i386/c-
client-dev_4.5-0slink2_i386.deb
MD5 checksum: fd92656c7281a4d8322b6da1285475cd

i386/imap_4.5-0slink2_i386.deb
MD5 checksum: c92eaece7e431c84708909362afad07d

i386/ipopd_4.5-0slink2_i386.deb
MD5 checksum: 29685847b0eef8307383a428b1d02be2

Motorola 680x0 architecture:
m68k/c-
client-dev_4.5-0slink2_m68k.deb
MD5 checksum: eeab449299e9f2d3fc97db69110b4432

m68k/imap_4.5-0slink2_m68k.deb
MD5 checksum: 4bd0fbaa392b6013f6caa33b04578764

m68k/ipopd_4.5-0slink2_m68k.deb
MD5 checksum: d43f502971afc531923903f3ac7b5b3f

Alpha architecture:

alpha/c-client-dev_4.5-0slink2_alpha.deb
MD5 checksum: 6732ae9495ee29590ed85cc482fbda97

alpha/imap_4.5-0slink2_alpha.deb
MD5 checksum: d0ee05b972d5d1bc1d066e2bae4d8c8b

alpha/ipopd_4.5-0slink2_alpha.deb
MD5 checksum: 89c3931092537d0eb23fb50fa57f1bb0


These files will be copied into
soon.

Please note you can also use apt to always get the latest security
updates. To do so add the following line to /etc/apt/sources.list:

deb debian
stable updates


- --
Debian GNU/Linux . Security Managers . security@debian.org
debian-security-announce@lists.debian.org
Christian Hudon . Wichert Akkerman . Martin Schulze
. .


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBN1sKgajZR/ntlUftAQGqlgL/d+dzjkxSf0bVDuFmWmeMgH9UxhpJXAwV
0EAtFEY7oRyNpiRLHojnJ48sPviIetVsojHsz9w4uh787skIUJYdFTJN+/O+kxLq
TeF2k+ESbtLJav5QCnVrR7CfiIhYMLgx
=Z3ew
-----END PGP SIGNATURE-----




Severity
We have received reports that the version of the imap suite
in Debian GNU/Linux 2.1 has a vulnerability in its POP-2 daemon,
which can be found in the ipopd package. Using this vulnerability
it is possible for remote users to get a shell as user "nobody"
on the server.

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up