Bug 469522 - uw-imap: Security bug in tmail and dmail
uw-imap: Security bug in tmail and dmail
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: uw-imap (Show other bugs)
9
All Linux
medium Severity urgent
: ---
: ---
Assigned To: Rex Dieter
Fedora Extras Quality Assurance
:
Depends On:
Blocks: CVE-2008-5005
  Show dependency treegraph
 
Reported: 2008-11-01 17:36 EDT by Rex Dieter
Modified: 2008-11-05 23:10 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-11-05 23:10:01 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Rex Dieter 2008-11-01 17:36:05 EDT
+++ This bug was initially created as a clone of Bug #469415 +++

Description of problem:
Copied from a post to imap-uw@u.washington.edu:

There is a security bug in versions of the programs tmail and dmail distributed with the IMAP Toolkit versions 2007c or earlier (all versions prior to 2008-10-29). This includes the version distributed with Alpine 2.00. A fixed version of the programs is included in the IMAP Toolkit version 2007d.[cut]

If you are using tmail or dmail you should replace them with the fixed versions immediately. The bug is exploitable by local users with shell access and may be remotely exploitable on some systems. A default sendmail installation with tmail as a delivery agent is not remotely exploitable because of length limits imposed by sendmail.[cut]

http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html
Comment 1 Fedora Update System 2008-11-05 23:09:55 EST
uw-imap-2007d-1.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.