|
Family: Debian Local Security Checks --> Category: infos
[DSA215] DSA-215-1 cyrus-imapd Vulnerability Scan
Vulnerability Scan Summary DSA-215-1 cyrus-imapd
Detailed Explanation for this Vulnerability Test
Timo Sirainen discovered a buffer overflow in the Cyrus IMAP server,
which could be exploited by a remote attacker prior to logging in. A
malicious user could craft a request to run commands on the server under
the UID and GID of the cyrus server.
For the current stable distribution (woody) this problem has been
fixed in version 1.5.19-9.1.
For the old stable distribution (potato) this problem has been fixed
in version 1.5.19-2.2.
For the unstable distribution (sid) this problem has been
fixed in version 1.5.19-9.10. Current cyrus21-imapd packages are not
vulnerable.
We recommend that you upgrade your cyrus-imapd package.
Solution : http://www.debian.org/security/2002/dsa-215
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|