Mandrake Linux Security Advisory : imap (MDKSA-2002:034)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A buffer overflow was discovered in the imap server that could allow a
malicious user to run code on the server with the uid and gid of the
email owner by constructing a malformed request that would trigger the
buffer overflow. However, the user must successfully authenticate to
the imap service in order to exploit it, which limits the scope of the
vulnerability somewhat, unless you are a free mail provider or run a
mail service where users do not already have shell access to the
system.

See also :

http://online.securityfocus.com/archive/1/271958

Solution :

Update the affected imap and / or imap-devel packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 13940 (mandrake_MDKSA-2002-034.nasl)

Bugtraq ID:

CVE ID: CVE-2002-0379

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now