Debian Security Advisory
ipopd -- Vulnerability in POP-2 daemon
- Date Reported:
- 07 Jun 1999
- Affected Packages:
-
ipopd
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-1999-0920.
- More information:
- The version of the imap suite in Debian GNU/Linux 2.1 has
a vulnerability in its POP-2 daemon, which can be found in the ipopd package.
Using this vulnerability it is possible for remote users to get a shell as user
"nobody" on the server.
- Fixed in:
-
- alpha:
- http://security.debian.org/dists/stable/updates/binary-alpha/ipopd_4.5-0slink3_alpha.deb
- i386:
- http://security.debian.org/dists/stable/updates/binary-i386/ipopd_4.5-0slink3_i386.deb
- m68k:
- http://security.debian.org/dists/stable/updates/binary-m68k/ipopd_4.5-0slink3_m68k.deb
- sparc:
- http://security.debian.org/dists/stable/updates/binary-sparc/ipopd_4.5-0slink3_sparc.deb
