Security bugfix for CYRUS-IMAPD
(Last modified: 22FEB2002)
solutions Security bugfix for CYRUS-IMAPD SuSE Linux Maintenance Web (b75da32c90725fcba420dc2e7499b65f)
SuSE Linux Enterprise Server 7 for IA32
SuSE Linux Enterprise Server 7 for IA64
SuSE Linux Enterprise Server 7 for S/390 and zSeries
SuSE Linux Connectivity Server
IMAP(Internet Message Access Protocol) and added trailing or leading whitespaces to his
UID(User ID), a new
IMAPuser and an
INBOXwill be created by many mail clients.
As a result of a wrong patch applied by
SuSEit is possible to login on the
IMAPdaemon as an anonymous user even if anonymous login is switched off. The anonymous user may add folders and fill them up to the global quota, leaving the service potentially vulnerable to denial of service attacks. He may also access shared folders that have insufficient access control without authentication.
RPMpackage that can be downloaded from the links below. For installation please follow these instructions:
- Stop the
- Install the provided RPM package
rpm -Uhv cyrus-imapd.rpm
- Start the
Download Source Packages
Download the source code of the patches for maintained products.
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.