|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200509-10] Mailutils: Format string vulnerability in imap4d Vulnerability Scan
Vulnerability Scan Summary Mailutils: Format string vulnerability in imap4d
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200509-10
(Mailutils: Format string vulnerability in imap4d)
The imap4d server contains a format string bug in the handling of
IMAP SEARCH requests.
Impact
An authenticated IMAP user could exploit the format string error
in imap4d to execute arbitrary code as the imap4d user, which is
usually root.
Workaround
There are no known workarounds at this time.
References:
http://www.idefense.com/application/poi/display?id=303&type=vulnerabilities
Solution:
All GNU Mailutils users should upgrade to the latest available
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/mailutils-0.6-r2"
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|