Home > Security > Advisories

Advisories

Mandriva Advisories

Package name imap
Date May 27th, 2002
Advisory ID MDKSA-2002:034
Affected versions 7.1, 7.2, 8.0, 8.1, 8.2, CS1.0
Synopsis Updated imap packages fix buffer overflow vulnerability

Problem Description

A buffer overflow was discovered in the imap server that could allow a
malicious user to run code on the server with the uid and gid of the
email owner by constructing a malformed request that would trigger the
buffer overflow. However, the user must successfully authenticate to
the imap service in order to exploit it, which limits the scope of the
vulnerability somewhat, unless you are a free mail provider or run a
mail service where users do not already have shell access to the
system.

Updated Packages

Mandrakelinux 7.1

 c65c6c70be4cd76d2611f17d9af3a798  7.1/RPMS/imap-2000c-4.9mdk.i586.rpm
dc43ec1852fddc2492b24bbaf0e01cc4  7.1/RPMS/imap-devel-2000c-4.9mdk.i586.rpm
2a4197b14d17ab31a8aa0745c60e052e  7.1/SRPMS/imap-2000c-4.9mdk.src.rpm

Mandrakelinux 7.2

 38732ca373f484e5a4bce42eaefbdfe4  7.2/RPMS/imap-2000c-4.8mdk.i586.rpm
c46b69fa7cce34a93205db7a88c9e620  7.2/RPMS/imap-devel-2000c-4.8mdk.i586.rpm
381d74cfd1824f7632d4fa468b5a8305  7.2/SRPMS/imap-2000c-4.8mdk.src.rpm

Mandrakelinux 8.0

 34da61af1da42335283e8b560e72ec69  8.0/RPMS/imap-2000c-4.7mdk.i586.rpm
9b636fbf72fba4012c955e60781a3047  8.0/RPMS/imap-devel-2000c-4.7mdk.i586.rpm
d1af6459ff7640ec72cde68299459828  8.0/SRPMS/imap-2000c-4.7mdk.src.rpm

Mandrakelinux 8.0/PPC

 1cd673e699d837f2f5dd4da0014dd396  ppc/8.0/RPMS/imap-2000c-4.7mdk.ppc.rpm
79d2219a885e12c92449cf2bd27956c4  ppc/8.0/RPMS/imap-devel-2000c-4.7mdk.ppc.rpm
d1af6459ff7640ec72cde68299459828  ppc/8.0/SRPMS/imap-2000c-4.7mdk.src.rpm

Mandrakelinux 8.1

 47671a2da4809d2d7cf5bd637881eb74  8.1/RPMS/imap-2000c-7.1mdk.i586.rpm
e9fca108eface6c6845509d2496dd1fb  8.1/RPMS/imap-devel-2000c-7.1mdk.i586.rpm
59712bcf649dc27f54d95fa4bcff38c7  8.1/SRPMS/imap-2000c-7.1mdk.src.rpm

Mandrakelinux 8.1/IA64

 7306d3e9febbc79fe996e26689f5d3d8  ia64/8.1/RPMS/imap-2000c-7.1mdk.ia64.rpm
581ba9e939c21a73f7f6945a903d8c50  ia64/8.1/RPMS/imap-devel-2000c-7.1mdk.ia64.rpm
59712bcf649dc27f54d95fa4bcff38c7  ia64/8.1/SRPMS/imap-2000c-7.1mdk.src.rpm

Mandrakelinux 8.2

 6f76f364c6c5c9ba37a200bfec94021c  8.2/RPMS/imap-2001a-5.1mdk.i586.rpm
43729a72c87d22c1b711f89c767be6f3  8.2/RPMS/imap-devel-2001a-5.1mdk.i586.rpm
ff5a17dd361ff95911f76cb9fe656f6f  8.2/SRPMS/imap-2001a-5.1mdk.src.rpm

Mandrakelinux 8.2/PPC

 354f1dcc7493c194281f20a4bc693013  ppc/8.2/RPMS/imap-2001a-5.1mdk.ppc.rpm
d688b6748fec7f9a844ab3f643b01efc  ppc/8.2/RPMS/imap-devel-2001a-5.1mdk.ppc.rpm
ff5a17dd361ff95911f76cb9fe656f6f  ppc/8.2/SRPMS/imap-2001a-5.1mdk.src.rpm

Corporate Server 1.0.1

 c65c6c70be4cd76d2611f17d9af3a798  1.0.1/RPMS/imap-2000c-4.9mdk.i586.rpm
dc43ec1852fddc2492b24bbaf0e01cc4  1.0.1/RPMS/imap-devel-2000c-4.9mdk.i586.rpm
2a4197b14d17ab31a8aa0745c60e052e  1.0.1/SRPMS/imap-2000c-4.9mdk.src.rpm

References

http://online.securityfocus.com/archive/1/271958

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm
                

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.