High Nessus Plugin ID 17242
SynopsisThe remote host is missing a vendor-supplied security patch
DescriptionThe remote host is missing the patch for the advisory SUSE-SA:2005:012 (imap).
The University of Washington imap daemon can be used to access mails remotely using the IMAP protocol.
This update fixes a logical error in the challenge response authentication mechanism CRAM-MD5 used by UW IMAP. Due to this mistake a remote attacker can gain access to the IMAP server as arbitrary user.
This is tracked by the Mitre CVE ID CVE-2005-0198.