Joined: 12 May 2004
|Posted: Sat Sep 17, 2005 12:34 pm Post subject: [ GLSA 200509-10 ] Mailutils: Format string vulnerability in
|Gentoo Linux Security Advisory
Title: Mailutils: Format string vulnerability in imap4d (GLSA 200509-10)
Date: September 17, 2005
Updated: May 22, 2006
The imap4d server contains a vulnerability allowing an authenticated user
to execute arbitrary code with the privileges of the imap4d process.
The GNU Mailutils are a collection of mail-related utilities, including
an IMAP4 server (imap4d).
Vulnerable: < 0.6-r2
Unaffected: >= 0.6-r2
Architectures: All supported architectures
The imap4d server contains a format string bug in the handling of IMAP
An authenticated IMAP user could exploit the format string error in
imap4d to execute arbitrary code as the imap4d user, which is usually
There are no known workarounds at this time.
All GNU Mailutils users should upgrade to the latest available version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/mailutils-0.6-r2"
iDEFENSE 09.09.05 advisory
Last edited by GLSA on Sat Sep 18, 2010 4:20 am; edited 4 times in total