Technical Description

Slackware has released updated packages to correct a vulnerability identified in IMAPd. This flaw is due to a stack overflow error in the "mail_valid_net_parse_work()" [src/c-client/mail.c] function that does not properly handle specially crafted mailbox names containing a quote (") character, which could be exploited by authenticated remote attackers to execute arbitrary commands with the privileges of the IMAP server. For additional information, see : VUPEN/ADV-2005-1953

Affected Products

Slackware 8.1
Slackware 9.0
Slackware 9.1
Slackware 10.0
Slackware 10.1
Slackware 10.2

Solution

Upgrade the affected package :
ftp://ftp.slackware.com/pub/slackware/

References

http://www.vupen.com/english/advisories/2005/2321
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.500161

ChangeLog

2005-11-07 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.