Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2009:064 (imap)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.63481

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2009:064 (imap)

Resumen: The remote host is missing an update to imap;announced via advisory MDVSA-2009:064.

Descripción: Summary:
The remote host is missing an update to imap
announced via advisory MDVSA-2009:064.

Vulnerability Insight:
Security vulnerabilities has been identified and fixed in University
of Washington IMAP Toolkit which could allow local users to gain
privileges by specifying incorrect folder name (CVE-2008-5005).

The updated packages have been patched to prevent this.

Affected: Corporate 3.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-5005
BugTraq ID: 32072
http://www.securityfocus.com/bid/32072
Bugtraq: 20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow (Google Search)
http://www.securityfocus.com/archive/1/498002/100/0/threaded
Debian Security Information: DSA-1685 (Google Search)
http://www.debian.org/security/2008/dsa-1685
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00058.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00082.html
http://marc.info/?l=full-disclosure&m=122572590212610&w=4
http://www.mandriva.com/security/advisories?name=MDVSA-2009:146
http://www.bitsec.com/en/rad/bsa-081103.c
http://www.bitsec.com/en/rad/bsa-081103.txt
http://www.washington.edu/alpine/tmailbug.html
http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html
http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.html
http://www.openwall.com/lists/oss-security/2008/11/03/3
http://www.openwall.com/lists/oss-security/2008/11/03/4
http://www.openwall.com/lists/oss-security/2008/11/03/5
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10485
RedHat Security Advisories: RHSA-2009:0275
http://rhn.redhat.com/errata/RHSA-2009-0275.html
http://securitytracker.com/id?1021131
http://secunia.com/advisories/32483
http://secunia.com/advisories/32512
http://secunia.com/advisories/33142
http://secunia.com/advisories/33996
http://securityreason.com/securityalert/4570
http://www.vupen.com/english/advisories/2008/3042
XForce ISS Database: uwimapd-tmail-bo(46281)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46281

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.63481
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:064 (imap)
Resumen:	The remote host is missing an update to imap;announced via advisory MDVSA-2009:064.
Descripción:	Summary: The remote host is missing an update to imap announced via advisory MDVSA-2009:064. Vulnerability Insight: Security vulnerabilities has been identified and fixed in University of Washington IMAP Toolkit which could allow local users to gain privileges by specifying incorrect folder name (CVE-2008-5005). The updated packages have been patched to prevent this. Affected: Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5005 BugTraq ID: 32072 http://www.securityfocus.com/bid/32072 Bugtraq: 20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow (Google Search) http://www.securityfocus.com/archive/1/498002/100/0/threaded Debian Security Information: DSA-1685 (Google Search) http://www.debian.org/security/2008/dsa-1685 https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00058.html https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00082.html http://marc.info/?l=full-disclosure&m=122572590212610&w=4 http://www.mandriva.com/security/advisories?name=MDVSA-2009:146 http://www.bitsec.com/en/rad/bsa-081103.c http://www.bitsec.com/en/rad/bsa-081103.txt http://www.washington.edu/alpine/tmailbug.html http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.html http://www.openwall.com/lists/oss-security/2008/11/03/3 http://www.openwall.com/lists/oss-security/2008/11/03/4 http://www.openwall.com/lists/oss-security/2008/11/03/5 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10485 RedHat Security Advisories: RHSA-2009:0275 http://rhn.redhat.com/errata/RHSA-2009-0275.html http://securitytracker.com/id?1021131 http://secunia.com/advisories/32483 http://secunia.com/advisories/32512 http://secunia.com/advisories/33142 http://secunia.com/advisories/33996 http://securityreason.com/securityalert/4570 http://www.vupen.com/english/advisories/2008/3042 XForce ISS Database: uwimapd-tmail-bo(46281) https://exchange.xforce.ibmcloud.com/vulnerabilities/46281
Copyright	Copyright (C) 2009 E-Soft Inc.