Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200403-06] Multiple remote buffer overflow vulnerabilities in Courier Vulnerability Scan
Vulnerability Scan Summary: Multiple remote buffer overflow vulnerabilities in Courier
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200403-06
(Multiple remote buffer overflow vulnerabilities in Courier)
The vulnerabilities have been found in the 'SHIFT_JIS' converter in
'shiftjis.c' and the 'ISO2022JP' converter in 'iso2022jp.c'. An attacker may
supply Unicode characters that exceed the BMP (Basic Multilingual Plane) range,
causing an overflow.
Impact
An attacker without privileges may exploit this vulnerability remotely, allowing arbitrary code to be executed in order to gain unauthorized access.
Workaround
While a workaround is not currently known for this issue, all users are
advised to upgrade to the latest version of the affected packages.
References:
http://www.securityfocus.com/bid/9845
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0224
Solution:
All users should upgrade to current versions of the affected packages:
# emerge sync
# emerge -pv ">=net-mail/courier-imap-3.0.0"
# emerge ">=net-mail/courier-imap-3.0.0"
# ** Or, depending on your installation... **
# emerge -pv ">=net-mail/courier-0.45"
# emerge ">=net-mail/courier-0.45"
Threat Level: Medium