Mandrake Linux Security Advisory : imap (MDKSA-2001:054)

Medium Nessus Plugin ID 13871


The remote Mandrake Linux host is missing one or more security updates.


Several buffer overflow vulnerabilities have been found in the UW-IMAP package by the authors and independent groups. These vulnerabilities can be exploited only once a user has authenticated which limits the extent of the vulnerability to a remote shell with that user's permissions. On systems where the user already has a shell, nothing new will be provided to that user, unless the user has only local shell access. On systems where the email accounts do not provide shell access, however, the problem is much greater.


Update the affected imap and / or imap-devel packages.

Plugin Details

Severity: Medium

ID: 13871

File Name: mandrake_MDKSA-2001-054.nasl

Version: $Revision: 1.14 $

Type: local

Published: 2004/07/31

Modified: 2014/06/27

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:imap, p-cpe:/a:mandriva:linux:imap-devel, cpe:/o:mandrakesoft:mandrake_linux:7.1, cpe:/o:mandrakesoft:mandrake_linux:7.2, cpe:/o:mandrakesoft:mandrake_linux:8.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2001/06/11

Reference Information

CVE: CVE-2001-0691

MDKSA: 2001:054