|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 547 CVE : CVE-2005-2661 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : No Credit : Thierry Carrez Published : 07.03.2006
Advisory Content : - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200603-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: IMAP Proxy: Format string vulnerabilities Date: March 06, 2006 Bugs: #107679 ID: 200603-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Format string vulnerabilities in IMAP Proxy may lead to the execution of arbitrary code when connected to malicious IMAP servers. Background ========== IMAP Proxy (also known as up-imapproxy) proxies IMAP transactions between an IMAP client and an IMAP server. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-mail/up-imapproxy < 1.2.4 >= 1.2.4 Description =========== Steve Kemp discovered two format string errors in IMAP Proxy. Impact ====== A remote attacker could design a malicious IMAP server and entice someone to connect to it using IMAP Proxy, resulting in the execution of arbitrary code with the rights of the victim user. Workaround ========== Only connect to trusted IMAP servers using IMAP Proxy. Resolution ========== All IMAP Proxy users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-mail/up-imapproxy-1.2.4" References ========== [ 1 ] CVE-2005-2661 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2661 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200603-04.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security (at) gentoo (dot) org [email concealed] or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.0 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEDKUDvcL1obalX08RAi9RAJ9wYi81AFNqLhlAMM2ozIQTAt0/zQCdEDC3 MgSeAfz1sC3SXlEPmkbHJ/M= =d3D5 -----END PGP SIGNATURE-----  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |