remote authentication bypass in imap

2005-03-0109:32:11

lists.opensuse.org

0.028 Low

EPSS

Percentile

89.5%

JSON

The University of Washington imap daemon can be used to access mails remotely using the IMAP protocol. This update fixes a logical error in the challenge response authentication mechanism CRAM-MD5 used by UW IMAP. Due to this mistake a remote attacker can gain access to the IMAP server as arbitrary user.

Solution

None, please install the updated packages.

OSVersionArchitecturePackageVersionFilename
openSUSE9.1i586imap-2002e< 92.4imap-2002e-92.4.i586.rpm
openSUSE9.0x86_64imap< 2002d-59imap-2002d-59.x86_64.rpm
openSUSE9.2x86_64imap-2004a< 3.2imap-2004a-3.2.x86_64.rpm
openSUSE8.2i586imap< 2002-56imap-2002-56.i586.rpm
openSUSE9.1x86_64imap-2002e< 92.4imap-2002e-92.4.x86_64.rpm
openSUSE9.0i586imap< 2002d-59imap-2002d-59.i586.rpm
openSUSE9.2i586imap-2004a< 3.2imap-2004a-3.2.i586.rpm

OS	Version	Architecture	Package	Version	Filename
openSUSE	9.1	i586	imap-2002e	< 92.4	imap-2002e-92.4.i586.rpm
openSUSE	9.0	x86_64	imap	< 2002d-59	imap-2002d-59.x86_64.rpm
openSUSE	9.2	x86_64	imap-2004a	< 3.2	imap-2004a-3.2.x86_64.rpm
openSUSE	8.2	i586	imap	< 2002-56	imap-2002-56.i586.rpm
openSUSE	9.1	x86_64	imap-2002e	< 92.4	imap-2002e-92.4.x86_64.rpm
openSUSE	9.0	i586	imap	< 2002d-59	imap-2002d-59.i586.rpm
openSUSE	9.2	i586	imap-2004a	< 3.2	imap-2004a-3.2.i586.rpm

0.028 Low

EPSS

Percentile

89.5%

JSON

Related for SUSE-SA:2005:012