Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200510-10] uw-imap: Remote buffer overflow Vulnerability Scan
Vulnerability Scan Summary
uw-imap: Remote buffer overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200510-10
(uw-imap: Remote buffer overflow)
Improper bounds checking of user-supplied data while parsing IMAP
mailbox names can lead to a stack buffer overflow.
Impact
Successful exploitation requires an authenticated IMAP user to
request a malformed mailbox name. This can lead to execution of
arbitrary code with the permissions of the IMAP server.
Workaround
There are no known workarounds at this time.
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2933
http://www.idefense.com/application/poi/display?id=313&type=vulnerabilities&flashstatus=false
Solution:
All uw-imap users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/uw-imap-2004g"
Threat Level: High