Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 506
Alerts This Week
Warning Icon 1 506

Gentoo: 200305-12 Critical uw-imapd Buffer Overflow Remote Exploit

gentoo
Calendar Grey June 2, 2003
Dist Gentoo Esm H88
Gentoo has issued a warning about a critical buffer overflow vulnerability in uw-imapd that may lead to unauthorized access; updating your systems is vital for security
UW-imapd can also act as IMAP client, allowing user to connect to specified server

Summary


GENTOO LINUX SECURITY ANNOUNCEMENT 200305-12


- From advisory:
"UW-imapd can also act as IMAP client, allowing user to connect to specified server. It is disabled for anonymous users, but allowed for everyone else (even with closedBox, blackBox or restrictBox enabled). So exploiting it could give you access to the system as the logged in user."
Read the full advisory at: http://marc.theaimsgroup.com/?l=bugtraq&m=105294024124163&w=2
SOLUTION
It is recommended that all Gentoo Linux users who are running net-mail/uw-imapd upgrade to uw-imapd-2002d as follows
emerge sync emerge uw-imapd emerge clean
aliz@gentoo.org - GnuPG key is available at prez@gentoo.org

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
critical
Lowest
Low
Medium
High
Critical

PACKAGE : uw-imapd
SUMMARY : buffer overflow
DATE : 2003-06-01 11:54 UTC
EXPLOIT : remote
VERSIONS AFFECTED : =uw-imapd-2002d
CVE :

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround