University Of Washington IMAP Server CRAM-MD5 Remote Authentication Bypass Vulnerability
The vendor has released an upgrade dealing with this issue.
Turbolinux has made an advisory available (TLSA-2005-32) dealing with this issue. Please see the referenced advisory for more information.
Mandrake linux has made an advisory available (MDKSA-2005:026) dealing with this issue. Please see the referenced advisory for more information.
Gentoo linux has made advisory GLSA 200502-02 available dealing with this issue. Gentoo advises that all UW IMAP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/uw-imap-2004b"
For more information please see the referenced Gentoo advisory.
Red Hat has released advisory RHSA-2005:128-06 to address this issue in Red Hat Enterprise Linux 3. Please see the advisory in Web references for more information.
SuSE has released summary report SUSE-SR:2005:006 mainly to address vulnerabilities described in other BIDs. However, in the addendum of this advisory, it is reported that fixes for the issues described in this BID are pending release. Customers are advised to see the referenced advisory for further information.
SuSE Linux has released advisory SUSE-SA:2005:012 along with fixes dealing with this issue. Please see the referenced advisory for more information.
Silicon Graphics has released advisory 20050301-01-U dealing with this and other issues for their Advanced Linux Environment packages. Please see the referenced advisories for more information.
The Fedora Legacy project has released advisory FLSA:152912 to address this issue in RedHat Linux 7.3, 9, and Fedora Core 1. Please see the referenced advisory for further information.
University of Washington imap 2002b
University of Washington imap 2004
University of Washington imap 2004a
University of Washington imap 2002
University of Washington imap 2002c
University of Washington imap 2002e
University of Washington imap 2002d
University of Washington imap 2004b