MDKSA-2001:054

Package name

imap

Date

2001-06-11

Advisory ID

MDKSA-2001:054

Affected versions

8.0 i586 , 7.2 i586 , 7.1 i586 , CS1.0 i586

Problem description

Several buffer overflow vulnerabilities have been found in the UW-IMAP package by the authors and independant groups. These vulnerabilities can be exploited only once a user has authenticated which limits the extent of the vulnerability to a remote shell with that user's permissions. On systems where the user already has a shell, nothing new will be provided to that user, unless the user has only local shell access. On systems where the email accounts do not provide shell access, however, the problem is much greater.

Updated packages

8.0 i586

 6a452cc1dc11d0b4e463bad8ad72c76f  8.0/RPMS/imap-2000c-4.4mdk.i586.rpm
b5e240934dce233b30b3b9b3dd378548  8.0/RPMS/imap-devel-2000c-4.4mdk.i586.rpm
7e3c70c61268f0cc2ee129d17e363897  8.0/SRPMS/imap-2000c-4.4mdk.src.rpm

7.2 i586

 84255f2e48d8941a9ebfc9b96aa29485  7.2/RPMS/imap-2000c-4.5mdk.i586.rpm
641bb3f1c7a89d21826074a24f1f480f  7.2/RPMS/imap-devel-2000c-4.5mdk.i586.rpm
0e123cce424178305fb86e739c198734  7.2/SRPMS/imap-2000c-4.5mdk.src.rpm

7.1 i586

 6bf29864715e9a7fcfca87fcbba9774f  7.1/RPMS/imap-2000c-4.6mdk.i586.rpm
a0868dc57cf7ce8a39baeba197d44132  7.1/RPMS/imap-devel-2000c-4.6mdk.i586.rpm
e574413ee56c8a30bcc907e4a3042eac  7.1/SRPMS/imap-2000c-4.6mdk.src.rpm

CS1.0 i586

 6bf29864715e9a7fcfca87fcbba9774f  1.0.1/RPMS/imap-2000c-4.6mdk.i586.rpm
a0868dc57cf7ce8a39baeba197d44132  1.0.1/RPMS/imap-devel-2000c-4.6mdk.i586.rpm
e574413ee56c8a30bcc907e4a3042eac  1.0.1/SRPMS/imap-2000c-4.6mdk.src.rpm