Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2002:034: imap Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the imap package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2002:034 (imap).
A buffer overflow was discovered in the imap server that could allow a malicious
user to run code on the server with the uid and gid of the email owner by
constructing a malformed request that would trigger the buffer overflow.
However, the user must successfully authenticate to the imap service in order to
exploit it, which limits the scope of the vulnerability somewhat, unless you are
a free mail provider or run a mail service where users do not already have shell
access to the system.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2002:034
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.