remote authentication bypass in imap

2005-03-01T09:32:11
ID SUSE-SA:2005:012
Type suse
Reporter Suse
Modified 2005-03-01T09:32:11

Description

The University of Washington imap daemon can be used to access mails remotely using the IMAP protocol. This update fixes a logical error in the challenge response authentication mechanism CRAM-MD5 used by UW IMAP. Due to this mistake a remote attacker can gain access to the IMAP server as arbitrary user.

Solution

None, please install the updated packages.