Possible IMAP Version Vulnerability

Impact

An attacker can receive imap administrator privilige which can be used e.g. to create or delete folders.

The Problem

A vulnerability in the SuSE Linux IMAP Server - which is unrelated to the SuSE Linux Distribution (which is unaffected) - was found which allows remote users to circumvented the imap authentication.

No specific information concerning version numbers was provided by SuSE. Consequently, SARA cannot differentiate between vulnerable and non-vulnerable servers.

Resolution

Get the security fix from SuSE at:

secfix.tgz

CVE Reference(s):