Mandrake Linux Security Advisory : imap (MDKSA-2001:054)

medium Nessus Plugin ID 13871

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

Several buffer overflow vulnerabilities have been found in the UW-IMAP package by the authors and independent groups. These vulnerabilities can be exploited only once a user has authenticated which limits the extent of the vulnerability to a remote shell with that user's permissions. On systems where the user already has a shell, nothing new will be provided to that user, unless the user has only local shell access. On systems where the email accounts do not provide shell access, however, the problem is much greater.

Solution

Update the affected imap and / or imap-devel packages.

Plugin Details

Severity: Medium

ID: 13871

File Name: mandrake_MDKSA-2001-054.nasl

Version: 1.17

Type: local

Family: Mandriva Local Security Checks

Published: 7/31/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:imap, p-cpe:/a:mandriva:linux:imap-devel, cpe:/o:mandrakesoft:mandrake_linux:7.1, cpe:/o:mandrakesoft:mandrake_linux:7.2, cpe:/o:mandrakesoft:mandrake_linux:8.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 6/11/2001

Reference Information

CVE: CVE-2001-0691

MDKSA: 2001:054

Detections

Analytics