Test Kennung:	1.3.6.1.4.1.25623.1.0.51564
Kategorie:	Conectiva Local Security Checks
Titel:	Conectiva Security Advisory CLA-2002:557
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory CLA-2002:557. The Cyrus IMAP Server is an e-mail application that uses the Internet Message Access Protocol (IMAP). It allows an user to perform certain mail functions on a remote server rather than on a local computer. Timo Sirainen discovered[1] a remotely exploitable pre-login buffer overflow in cyrus imapd. The problem resides in the way memory is managed (an integer overflow can cause less memory than needed to be allocated). This vulnerability[2] may be exploited prior to authentication to the IMAP server and could allow a remote attacker to read other users' mail and to execute arbitrary code with the privileges of the user running the IMAP server (Conectiva Linux has a special unprivileged user called 'cyrus' responsible for that). Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://online.securityfocus.com/archive/1/301864 http://www.kb.cert.org/vuls/id/740169 http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:557 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.