remote authentication bypass in imap

ID SUSE-SA:2005:012
Type suse
Reporter Suse
Modified 2005-03-01T09:32:11


The University of Washington imap daemon can be used to access mails remotely using the IMAP protocol. This update fixes a logical error in the challenge response authentication mechanism CRAM-MD5 used by UW IMAP. Due to this mistake a remote attacker can gain access to the IMAP server as arbitrary user.


None, please install the updated packages.