|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200603-04] IMAP Proxy: Format string vulnerabilities Vulnerability Scan
Vulnerability Scan Summary IMAP Proxy: Format string vulnerabilities
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200603-04
(IMAP Proxy: Format string vulnerabilities)
Steve Kemp discovered two format string errors in IMAP Proxy.
Impact
A remote attacker could design a malicious IMAP server and entice
someone to connect to it using IMAP Proxy, resulting in the execution
of arbitrary code with the rights of the victim user.
Workaround
Only connect to trusted IMAP servers using IMAP Proxy.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2661
Solution:
All IMAP Proxy users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/up-imapproxy-1.2.4"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|