Security bugfix for CYRUS-IMAPD
(Last modified: 22FEB2002)
solutions Security bugfix for CYRUS-IMAPD SuSE Linux Maintenance Web (b75da32c90725fcba420dc2e7499b65f)
SuSE Linux Enterprise Server 7 for IA32
SuSE Linux Enterprise Server 7 for IA64
SuSE Linux Enterprise Server 7 for S/390 and zSeries
SuSE Linux Connectivity Server
IMAP(Internet Message Access Protocol) and added trailing or leading whitespaces to his
UID(User ID), a new
IMAPuser and an
INBOXwill be created by many mail clients.
As a result of a wrong patch applied by
SuSEit is possible to login on the
IMAPdaemon as an anonymous user even if anonymous login is switched off. The anonymous user may add folders and fill them up to the global quota, leaving the service potentially vulnerable to denial of service attacks. He may also access shared folders that have insufficient access control without authentication.
RPMpackage that can be downloaded from the links below. For installation please follow these instructions:
- Stop the
- Install the provided RPM package
rpm -Uhv cyrus-imapd.rpm
- Start the
Download Source Packages
Download the source code of the patches for maintained products.