Detections
Analytics
Mandrake Linux Security Advisory : imap (MDKSA-2002:034)
high Nessus Plugin ID 13940
Synopsis
The remote Mandrake Linux host is missing one or more security updates.Description
A buffer overflow was discovered in the imap server that could allow a malicious user to run code on the server with the uid and gid of the email owner by constructing a malformed request that would trigger the buffer overflow. However, the user must successfully authenticate to the imap service in order to exploit it, which limits the scope of the vulnerability somewhat, unless you are a free mail provider or run a mail service where users do not already have shell access to the system.Solution
Update the affected imap and / or imap-devel packages.See Also
http://web.archive.org/web/20030216141306/http://online.securityfocus.com:80/archive/1/271958
Plugin Details
Severity: High
ID: 13940
File Name: mandrake_MDKSA-2002-034.nasl
Version: 1.17
Type: local
Family: Mandriva Local Security Checks
Published: 7/31/2004
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.3
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:imap, p-cpe:/a:mandriva:linux:imap-devel, cpe:/o:mandrakesoft:mandrake_linux:7.1, cpe:/o:mandrakesoft:mandrake_linux:7.2, cpe:/o:mandrakesoft:mandrake_linux:8.0, cpe:/o:mandrakesoft:mandrake_linux:8.1, cpe:/o:mandrakesoft:mandrake_linux:8.2
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 5/27/2002
Reference Information
CVE: CVE-2002-0379
MDKSA: 2002:034