CESA-2009:0275 -- centos 3 i386 imap
ID: oval:org.secpod.oval:def:200362 | Date: (C)2012-01-31 (M)2024-02-19 |
Class: PATCH | Family: unix |
The imap package provides server daemons for both the IMAP and POP mail access protocols. A buffer overflow flaw was discovered in the dmail and tmail mail delivery utilities shipped with imap. If either of these utilities were used as a mail delivery agent, a remote attacker could potentially use this flaw to run arbitrary code as the targeted user by sending a specially crafted mail message to the victim. Users of imap should upgrade to these updated packages, which contain a backported patch to resolve this issue.