GLSA Advocate
Posted: Sat Sep 17, 2005 12:34 pm Post subject: [ GLSA 200509-10 ] Mailutils: Format string vulnerability in
Gentoo Linux Security Advisory
Title: Mailutils: Format string vulnerability in imap4d (GLSA 200509-10)
Severity: high
Exploitable: remote
Date: September 17, 2005
Updated: May 22, 2006
Bug(s): #105458
ID: 200509-10
Synopsis
The imap4d server contains a vulnerability allowing an authenticated user
to execute arbitrary code with the privileges of the imap4d process.
Background
The GNU Mailutils are a collection of mail-related utilities, including
an IMAP4 server (imap4d).
Affected Packages
Package: net-mail/mailutils
Vulnerable: < 0.6-r2
Unaffected: >= 0.6-r2
Architectures: All supported architectures
Description
The imap4d server contains a format string bug in the handling of IMAP
SEARCH requests.
Impact
An authenticated IMAP user could exploit the format string error in
imap4d to execute arbitrary code as the imap4d user, which is usually
root.
Workaround
There are no known workarounds at this time.
Resolution
All GNU Mailutils users should upgrade to the latest available version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/mailutils-0.6-r2"
References
iDEFENSE 09.09.05 advisory
CVE-2005-2878
Last edited by GLSA on Sat Sep 18, 2010 4:20 am; edited 4 times in total
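The affected range above (vulnerable < 0.6-r2, unaffected >= 0.6-r2) can be checked against a version string with a short script; this is an added example, not part of the advisory or of Portage. It assumes versions made only of dotted integers with an optional "-rN" revision, and the function names and sample versions are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the advisory. Assumption: versions are dotted
# integers with an optional Gentoo "-rN" revision (0.6, 0.6-r1, 0.6.1-r3).
FIXED="0.6-r2"   # first unaffected version, from the advisory

valid_version() {
    v_base=${1%-r*}; v_rev=0
    case $1 in *-r*) v_rev=${1##*-r} ;; esac
    case "$v_base" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    case "$v_rev" in ''|*[!0-9]*) return 1 ;; esac
    return 0
}

# ver_cmp A B: print -1, 0 or 1 for A <, ==, > B
ver_cmp() {
    a=${1%-r*}; b=${2%-r*}; ar=0; br=0
    case $1 in *-r*) ar=${1##*-r} ;; esac
    case $2 in *-r*) br=${2##*-r} ;; esac
    while [ -n "$a" ] || [ -n "$b" ]; do
        ap=${a%%.*}; bp=${b%%.*}
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
        # a version that runs out of components first sorts lower (0.6 < 0.6.1)
        if [ "${ap:--1}" -lt "${bp:--1}" ]; then echo -1; return; fi
        if [ "${ap:--1}" -gt "${bp:--1}" ]; then echo 1; return; fi
    done
    # equal base versions: the -rN revision decides (no revision counts as r0)
    if [ "$ar" -lt "$br" ]; then echo -1; return; fi
    if [ "$ar" -gt "$br" ]; then echo 1; return; fi
    echo 0
}

# is_vulnerable VERSION: 0 = vulnerable, 1 = unaffected, 2 = not parseable
is_vulnerable() {
    valid_version "$1" || return 2
    [ "$(ver_cmp "$1" "$FIXED")" -lt 0 ]
}

# Constructed sample versions; on a real host use the installed version,
# e.g. the directory name under /var/db/pkg/net-mail/.
for v in 0.6 0.6-r1 0.6-r2 0.6.1 1.0 0.6_rc1; do
    rc=0; is_vulnerable "$v" || rc=$?
    case $rc in
        0) echo "net-mail/mailutils-$v: vulnerable, upgrade to >= $FIXED" ;;
        1) echo "net-mail/mailutils-$v: unaffected" ;;
        *) echo "net-mail/mailutils-$v: version not parseable, check manually" ;;
    esac
done
```

Versions with suffixes such as `_rc1` are reported as not parseable rather than guessed at, so they need a manual comparison.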