Author: JT Smith
It’s at LWN.net. Several buffer overflow vulnerabilities have been found in the UW-IMAP
package by the authors and independant groups. These vulnerabilities
can be exploited only once a user has authenticated which limits the
extent of the vulnerability to a remote shell with that user’s
permissions. On systems where the user already has a shell, nothing
new will be provided to that user, unless the user has only local shell
access. On systems where the email accounts do not provide shell
access, however, the problem is much greater.
package by the authors and independant groups. These vulnerabilities
can be exploited only once a user has authenticated which limits the
extent of the vulnerability to a remote shell with that user’s
permissions. On systems where the user already has a shell, nothing
new will be provided to that user, unless the user has only local shell
access. On systems where the email accounts do not provide shell
access, however, the problem is much greater.
Category:
- Linux