Security bugfix for CYRUS-IMAPD
Knowledgebase
(Last modified: 22FEB2002)
solutions Security bugfix for CYRUS-IMAPD SuSE Linux Maintenance Web (b75da32c90725fcba420dc2e7499b65f)
SuSE Linux Enterprise Server 7 for IA32
SuSE Linux Enterprise Server 7 for IA64
SuSE Linux Enterprise Server 7 for S/390 and zSeries
SuSE Linux Connectivity Server
Package: cyrus-imapd
Release: 20020222
Obsoletes: none
Cyrus IMAPD.IMAP (Internet Message Access Protocol) and added trailing or leading whitespaces to his UID (User ID), a new IMAP user and an INBOX will be created by many mail clients.As a result of a wrong patch applied by
SuSE it is possible to login on the IMAP daemon as an anonymous user even if anonymous login is switched off. The anonymous user may add folders and fill them up to the global quota, leaving the service potentially vulnerable to denial of service attacks. He may also access shared folders that have insufficient access control without authentication.RPM package that can be downloaded from the links below. For installation please follow these instructions: - Stop the
Cyrus IMAPDrccyrus stop - Install the provided RPM package
rpm -Uhv cyrus-imapd.rpm - Start the
Cyrus IMAPDrccyrus start
Download Source Packages
Download the source code of the patches for maintained products.
Disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.