NSFOCUS Security Monthly -> Issue 22 -> Latest Vulnerabilities
Imapd Remote Buffer Overflow Vulnerability

Date: 2001-06-15

Affected systems:
University of Washington imapd 2000c
   + MandrakeSoft Linux Mandrake 8.0
   + MandrakeSoft Linux Mandrake 7.2
   + MandrakeSoft Linux Mandrake 7.1
   + MandrakeSoft Corporate Server 1.0.1
University of Washington imapd 2000b
University of Washington imapd 2000a
Description:
--------------------------------------------------------------------------------


BUGTRAQ ID : 2856

Washington University Imapd is a popular server program that lets users download
mail directly from the server over the IMAP protocol.

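Multiple buffer overflow vulnerabilities have been found in Imapd. A user who has
already authenticated may be able to obtain shell access remotely.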

This vulnerability affects systems that grant only email access. On systems that
already provide shell access, it gives the attacker no additional privileges.

<*Source: MDKSA-2001:054 - imap update
  Home page: http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-054.php3
*>




--------------------------------------------------------------------------------
Recommendation:

Vendor patch:

Linux-Mandrake (http://www.linux-mandrake.com/en/security/) has released a security advisory for this issue:
MDKSA-2001:054 - imap update

Patch downloads -
________________________________________________________________________
Linux-Mandrake 7.1:
6bf29864715e9a7fcfca87fcbba9774f  7.1/RPMS/imap-2000c-4.6mdk.i586.rpm
a0868dc57cf7ce8a39baeba197d44132  7.1/RPMS/imap-devel-2000c-4.6mdk.i586.rpm
e574413ee56c8a30bcc907e4a3042eac  7.1/SRPMS/imap-2000c-4.6mdk.src.rpm

Linux-Mandrake 7.2:
84255f2e48d8941a9ebfc9b96aa29485  7.2/RPMS/imap-2000c-4.5mdk.i586.rpm
641bb3f1c7a89d21826074a24f1f480f  7.2/RPMS/imap-devel-2000c-4.5mdk.i586.rpm
0e123cce424178305fb86e739c198734  7.2/SRPMS/imap-2000c-4.5mdk.src.rpm

Mandrake Linux 8.0:
6a452cc1dc11d0b4e463bad8ad72c76f  8.0/RPMS/imap-2000c-4.4mdk.i586.rpm
b5e240934dce233b30b3b9b3dd378548  8.0/RPMS/imap-devel-2000c-4.4mdk.i586.rpm
7e3c70c61268f0cc2ee129d17e363897  8.0/SRPMS/imap-2000c-4.4mdk.src.rpm

Corporate Server 1.0.1:
6bf29864715e9a7fcfca87fcbba9774f  1.0.1/RPMS/imap-2000c-4.6mdk.i586.rpm
a0868dc57cf7ce8a39baeba197d44132  1.0.1/RPMS/imap-devel-2000c-4.6mdk.i586.rpm
e574413ee56c8a30bcc907e4a3042eac  1.0.1/SRPMS/imap-2000c-4.6mdk.src.rpm

List of download sites:
http://www.linux-mandrake.com/en/ftp.php3
