Fedora Core 3 : cyrus-imapd-2.2.12-1.1.fc3 (2005-339)

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora Core host is missing a security update.

Description :

Several buffer overflow bugs were found in cyrus-imapd. It is possible
that an authenticated malicious user could cause the imap server to
crash. Additionally, a peer news admin could potentially execute
arbitrary code on the imap server when news is received using the
fetchnews command. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-0546 to this issue.

In addition this version of the rpm contains a collection of other
fixes since the last FC3 update (see below changelog).

>>>>>>>>>>>><i> IMPORTANT NOTE FOR X86_64 INSTALLATION <<<<<<<<<<<<
</I> This rpm also fixes bug #156121 that incorrectly placed some
executables /usr/lib64/cyrus-imapd. /usr/lib64 is reserved for 64 bit
libraries and this caused problems for existing scripts that expected
to find them in a canonical location (/usr/lib/cyrus-imapd) and
violated the multilib packaging guidelines. Only references external
to the cyrus-imapd package are affected by this, the rpm is self
consistent. The most notable example is /usr/lib64/cyrus-impad/deliver
which is now /usr/lib/cyrus-imapd/deliver (use of lmtp is encouraged
in preference to deliver). This change only affects x86_64
installations.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?770b4e38

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Fedora Local Security Checks

Nessus Plugin ID: 62256 ()

Bugtraq ID:

CVE ID: CVE-2005-0546

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now