GLSA-200509-10 : Mailutils: Format string vulnerability in imap4d
High Nessus Plugin ID 19742
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200509-10 (Mailutils: Format string vulnerability in imap4d)
The imap4d server contains a format string bug in the handling of IMAP SEARCH requests.
An authenticated IMAP user could exploit the format string error in imap4d to execute arbitrary code as the imap4d user, which is usually root.
There are no known workarounds at this time.
SolutionAll GNU Mailutils users should upgrade to the latest available version:
# emerge --sync # emerge --ask --oneshot --verbose '>=net-mail/mailutils-0.6-r2'