imap 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1236008151
업데이트 : 2009.03.03
상세내용
imap package 는 pop3 와 imap daemon 을 포함하고 있다.
변경사항
. 2007e 업데이트
. CVE-2008-5005:
Multiple stack-based buffer overflows in (1) University of Washington IMAP
Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and
earlier, and (3) Panda IMAP allow (a) local users to gain privileges by
specifying a long folder extension argument on the command line to the
tmail or dmail program; and (b) remote attackers to execute arbitrary code
by sending e-mail to a destination mailbox name composed of a username and
'+' character followed by a long string, processed by the tmail or possibly
dmail program.
Autoupdates 지원 : Packages System
pkgadd -F imap*
update 패키지
RPMS :
. imap-2007e-1.i686.rpm
. imap-devel-2007e-1.i686.rpm
SRPMS :
. imap-2007e-1.src.rpm
참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5005
- imap, imaps, ipop3, pop3s 의 xinetd 구동 설정 파일은 imap-init-@servicename@
으로 분리되어 있습니다.
|