Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200502-29] Cyrus IMAP Server: Multiple overflow vulnerabilities Vulnerability Scan
Vulnerability Scan Summary Cyrus IMAP Server: Multiple overflow vulnerabilities
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200502-29
(Cyrus IMAP Server: Multiple overflow vulnerabilities)
Possible single-byte overflows have been found in the imapd
annotate extension and mailbox handling code. Furthermore, stack buffer
overflows have been found in fetchnews, the backend and imapd.
Impact
An attacker, who could be an authenticated user or an admin of a
peering news server, could exploit these vulnerabilities to execute
arbitrary code with the rights of the user running the Cyrus IMAP
Server.
Workaround
There is no known workaround at this time.
References:
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=33723
Solution:
All Cyrus IMAP Server users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/cyrus-imapd-2.2.12"
Threat Level: Medium