Home > Security > Advisories


Mandriva Advisories

Package name imap
Date June 11th, 2001
Advisory ID MDKSA-2001:054
Affected versions 7.1, 7.2, 8.0, CS1.0
Synopsis Updated imap packages fix several buffer overflow vulnerabilities

Problem Description

Several buffer overflow vulnerabilities have been found in the UW-IMAP
package by the authors and independant groups. These vulnerabilities
can be exploited only once a user has authenticated which limits the
extent of the vulnerability to a remote shell with that user's
permissions. On systems where the user already has a shell, nothing
new will be provided to that user, unless the user has only local shell
access. On systems where the email accounts do not provide shell
access, however, the problem is much greater.

Updated Packages

Mandrakelinux 7.1

 6bf29864715e9a7fcfca87fcbba9774f  7.1/RPMS/imap-2000c-4.6mdk.i586.rpm
a0868dc57cf7ce8a39baeba197d44132  7.1/RPMS/imap-devel-2000c-4.6mdk.i586.rpm
e574413ee56c8a30bcc907e4a3042eac  7.1/SRPMS/imap-2000c-4.6mdk.src.rpm

Mandrakelinux 7.2

 84255f2e48d8941a9ebfc9b96aa29485  7.2/RPMS/imap-2000c-4.5mdk.i586.rpm
641bb3f1c7a89d21826074a24f1f480f  7.2/RPMS/imap-devel-2000c-4.5mdk.i586.rpm
0e123cce424178305fb86e739c198734  7.2/SRPMS/imap-2000c-4.5mdk.src.rpm

Mandrakelinux 8.0

 6a452cc1dc11d0b4e463bad8ad72c76f  8.0/RPMS/imap-2000c-4.4mdk.i586.rpm
b5e240934dce233b30b3b9b3dd378548  8.0/RPMS/imap-devel-2000c-4.4mdk.i586.rpm
7e3c70c61268f0cc2ee129d17e363897  8.0/SRPMS/imap-2000c-4.4mdk.src.rpm

Corporate Server 1.0.1

 6bf29864715e9a7fcfca87fcbba9774f  1.0.1/RPMS/imap-2000c-4.6mdk.i586.rpm
a0868dc57cf7ce8a39baeba197d44132  1.0.1/RPMS/imap-devel-2000c-4.6mdk.i586.rpm
e574413ee56c8a30bcc907e4a3042eac  1.0.1/SRPMS/imap-2000c-4.6mdk.src.rpm


To upgrade automatically, use MandrivaUpdate.


Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.