Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2004:139 (cyrus-imapd)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50618

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2004:139 (cyrus-imapd)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to cyrus-imapd
announced via advisory MDKSA-2004:139.

A number of vulnerabilities in the Cyrus-IMAP server were found by
Stefan Esser. Due to insufficient checking within the argument
parser of the 'partial' and 'fetch' commands, a buffer overflow could
be exploited to execute arbitrary attacker-supplied code. Another
exploitable buffer overflow could be triggered in situations when
memory allocation files.

The provided packages have been patched to prevent these problems.

Affected versions: 10.0, 10.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1013
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1015

Risk factor : Critical

CVSS Score:
10.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-1011
Bugtraq: 20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=110123023521619&w=2
http://security.gentoo.org/glsa/glsa-200411-34.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:139
http://security.e-matters.de/advisories/152004.html
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143
http://secunia.com/advisories/13274/
XForce ISS Database: cyrus-imap-username-bo(18198)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18198
Common Vulnerability Exposure (CVE) ID: CVE-2004-1012
Debian Security Information: DSA-597 (Google Search)
http://www.debian.org/security/2004/dsa-597
https://www.ubuntu.com/usn/usn-31-1/
XForce ISS Database: cyrus-imap-commands-execute-code(18199)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18199
Common Vulnerability Exposure (CVE) ID: CVE-2004-1013
Common Vulnerability Exposure (CVE) ID: CVE-2004-1015
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=145
XForce ISS Database: cyrus-magic-plus-bo(18274)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18274

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50618
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2004:139 (cyrus-imapd)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to cyrus-imapd announced via advisory MDKSA-2004:139. A number of vulnerabilities in the Cyrus-IMAP server were found by Stefan Esser. Due to insufficient checking within the argument parser of the 'partial' and 'fetch' commands, a buffer overflow could be exploited to execute arbitrary attacker-supplied code. Another exploitable buffer overflow could be triggered in situations when memory allocation files. The provided packages have been patched to prevent these problems. Affected versions: 10.0, 10.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:139 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1011 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1012 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1013 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1015 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1011 Bugtraq: 20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=110123023521619&w=2 http://security.gentoo.org/glsa/glsa-200411-34.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:139 http://security.e-matters.de/advisories/152004.html http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143 http://secunia.com/advisories/13274/ XForce ISS Database: cyrus-imap-username-bo(18198) https://exchange.xforce.ibmcloud.com/vulnerabilities/18198 Common Vulnerability Exposure (CVE) ID: CVE-2004-1012 Debian Security Information: DSA-597 (Google Search) http://www.debian.org/security/2004/dsa-597 https://www.ubuntu.com/usn/usn-31-1/ XForce ISS Database: cyrus-imap-commands-execute-code(18199) https://exchange.xforce.ibmcloud.com/vulnerabilities/18199 Common Vulnerability Exposure (CVE) ID: CVE-2004-1013 Common Vulnerability Exposure (CVE) ID: CVE-2004-1015 http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=145 XForce ISS Database: cyrus-magic-plus-bo(18274) https://exchange.xforce.ibmcloud.com/vulnerabilities/18274
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com