New version if ipopd prevents exploit
Posted by LinuxSecurity.com Team   
Debian We have received reports that the version of the imap suite in Debian GNU/Linux 2.1 has a vulnerability in its POP-2 daemon, which can be found in the ipopd package. Using this vulnerability it is possible for remote users to get a shell as user "nobody" on the server.
-----BEGIN PGP SIGNED MESSAGE-----

We have received reports that the version of the imap suite
in Debian GNU/Linux 2.1 has a vulnerability in its POP-2 daemon,
which can be found in the ipopd package. Using this vulnerability
it is possible for remote users to get a shell as user "nobody"
on the server.

We recommend you upgrade your ipopd package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.1 alias slink
- --------------------------------

  This version of Debian was released only for Intel, the Motorola
  680x0, the alpha and the Sun sparc architecture.

  Source archives:
    http://security.debian.org/dists/stable/updates/source/imap_4.5
-0slink2.diff.gz
      MD5 checksum: 606f893869069eee68f4c1e31392af29
    http://security.debian.org/dists/stable/updates/source/imap_4.5-
0slink2.dsc
      MD5 checksum: 93ed80a3619586ff9f3246003aca2448
    http://security.debian.org/dists/stable/updates/source/imap_4.5.orig.tar.gz
      MD5 checksum: 59afe4be5fcd17c20d241633a4a3d0ac
  
  Sun Sparc architecture:
    http://security.debian.org/dists/stable/updates/binary-
sparc/c-client-dev_4.5-0slink2_sparc.deb
      MD5 checksum: 2de5363a3ea9f27c1aa064c3102567cc
    http://security.debian.org/dists/stable/updates/binary-
sparc/imap_4.5-0slink2_sparc.deb
      MD5 checksum: 87638b6ad06094f30ff6d2dddfd10b8b
    http://security.debian.org/dists/stable/updates/binary-
sparc/ipopd_4.5-0slink2_sparc.deb
      MD5 checksum: aa6621e2f7e2df751489c397e9e169a8
  
  Intel ia32 architecture:
    http://security.debian.org/dists/stable/updates/binary-i386/c-
client-dev_4.5-0slink2_i386.deb
      MD5 checksum: fd92656c7281a4d8322b6da1285475cd
    http://security.debian.org/dists/stable/updates/binary-
i386/imap_4.5-0slink2_i386.deb
      MD5 checksum: c92eaece7e431c84708909362afad07d
    http://security.debian.org/dists/stable/updates/binary-
i386/ipopd_4.5-0slink2_i386.deb
      MD5 checksum: 29685847b0eef8307383a428b1d02be2
  
  Motorola 680x0 architecture:
    http://security.debian.org/dists/stable/updates/binary-m68k/c-
client-dev_4.5-0slink2_m68k.deb
      MD5 checksum: eeab449299e9f2d3fc97db69110b4432
    http://security.debian.org/dists/stable/updates/binary-
m68k/imap_4.5-0slink2_m68k.deb
      MD5 checksum: 4bd0fbaa392b6013f6caa33b04578764
    http://security.debian.org/dists/stable/updates/binary-
m68k/ipopd_4.5-0slink2_m68k.deb
      MD5 checksum: d43f502971afc531923903f3ac7b5b3f
  
  Alpha architecture:
    http://security.debian.org/dists/stable/updates/binary-
alpha/c-client-dev_4.5-0slink2_alpha.deb
      MD5 checksum: 6732ae9495ee29590ed85cc482fbda97
    http://security.debian.org/dists/stable/updates/binary-
alpha/imap_4.5-0slink2_alpha.deb
      MD5 checksum: d0ee05b972d5d1bc1d066e2bae4d8c8b
    http://security.debian.org/dists/stable/updates/binary-
alpha/ipopd_4.5-0slink2_alpha.deb
      MD5 checksum: 89c3931092537d0eb23fb50fa57f1bb0


  These files will be copied into
  ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.

Please note you can also use apt to always get the latest security
updates. To do so add the following line to /etc/apt/sources.list:

  deb http://security.debian.org/ 
stable updates


- -- 
Debian GNU/Linux      .    Security Managers     .   security@debian.org
              debian-security-announce@lists.debian.org
  Christian Hudon     .     Wichert Akkerman     .     Martin Schulze
   .     .   


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBN1sKgajZR/ntlUftAQGqlgL/d+dzjkxSf0bVDuFmWmeMgH9UxhpJXAwV
0EAtFEY7oRyNpiRLHojnJ48sPviIetVsojHsz9w4uh787skIUJYdFTJN+/O+kxLq
TeF2k+ESbtLJav5QCnVrR7CfiIhYMLgx
=Z3ew
-----END PGP SIGNATURE-----