_______________________________________________________________________
Problem Description:
Security vulnerabilities has been identified and fixed in University
of Washington IMAP Toolkit:
Multiple stack-based buffer overflows in (1) University of Washington
IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine
2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain
privileges by specifying a long folder extension argument on the
_______________________________________________________________________
Problem Description:
Security vulnerabilities has been identified and fixed in University
of Washington IMAP Toolkit:
Multiple stack-based buffer overflows in (1) University of Washington
IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine
2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain
privileges by specifying a long folder extension argument on the
_______________________________________________________________________
Problem Description:
Security vulnerabilities has been identified and fixed in University
of Washington IMAP Toolkit:
Multiple stack-based buffer overflows in (1) University of Washington
IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine
2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain
privileges by specifying a long folder extension argument on the
Markus Jakobsson (Paypal, USA)
Jaeyeon Jung (Intel Labs Seattle, USA)
Apu Kapadia (Indiana University Bloomington, USA)
Jonathan Katz (University of Maryland, USA)
Stefan Katzenbeisser (TU Darmstadt, Germany)
Arvind Krishnamurthy (University of Washington, USA)
Christopher Kruegel (University of California, Santa Barbara, USA)
Ralf Kuesters (University of Trier, Germany)
Ninghui Li (Purdue University, USA)
Benjamin Livshits (Microsoft Research, USA)
Heiko Mantel (TU Darmstadt, Germany)
This vulnerability was found during the resolution of multiple
customer service requests.
We would like to thank the Internet Measurement Group from the
University of Washington for their help and support on
troubleshooting this issue.
Status of this Notice: FINAL
============================
Sotiris Ioannidis (ICS/FORTH, Greece)
Trent Jaeger (Penn State University, USA)
Farnam Jahanian (University of Michigan, USA)
Rob Johnson (Stony Brook University, USA)
Apu Kapadia (MIT Lincoln Labs, USA)
Yoshi Kohno (University of Washington, USA)
Shriram Krishnamurti (Brown University, USA)
Ben Laurie (Google UK)
Wenke Lee (Georgia Tech, USA)
Brian Levine (U of Massachusetts Amherst, USA)
Ninghui Li (Purdue University, USA)
the latest released packages for their version or to
to employ the stated workaround until such a time when
an upgrade may be performed.
This defect was first reported by Matt Weatherford from
the University of Washington. Our thanks to Matt for
helping improve Likewise Open.
_____________________________________________________________
Workaround:
_______________________________________________________________________
Problem Description:
Security vulnerabilities has been identified and fixed in University
of Washington IMAP Toolkit which could allow local users to gain
privileges by specifying incorrect folder name (CVE-2008-5005).
The updated packages have been patched to prevent this.
_______________________________________________________________________
