ID de Prueba:	1.3.6.1.4.1.25623.1.0.51564
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2002:557
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2002:557. The Cyrus IMAP Server is an e-mail application that uses the Internet Message Access Protocol (IMAP). It allows an user to perform certain mail functions on a remote server rather than on a local computer. Timo Sirainen discovered[1] a remotely exploitable pre-login buffer overflow in cyrus imapd. The problem resides in the way memory is managed (an integer overflow can cause less memory than needed to be allocated). This vulnerability[2] may be exploited prior to authentication to the IMAP server and could allow a remote attacker to read other users' mail and to execute arbitrary code with the privileges of the user running the IMAP server (Conectiva Linux has a special unprivileged user called 'cyrus' responsible for that). Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://online.securityfocus.com/archive/1/301864 http://www.kb.cert.org/vuls/id/740169 http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:557 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.