Mandrake Linux Security Advisory : imap (MDKSA-2001:054)
Medium Nessus Plugin ID 13871
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionSeveral buffer overflow vulnerabilities have been found in the UW-IMAP package by the authors and independent groups. These vulnerabilities can be exploited only once a user has authenticated which limits the extent of the vulnerability to a remote shell with that user's permissions. On systems where the user already has a shell, nothing new will be provided to that user, unless the user has only local shell access. On systems where the email accounts do not provide shell access, however, the problem is much greater.
SolutionUpdate the affected imap and / or imap-devel packages.