Bug#: 132674
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Raphael Marichez <falco@gentoo.org>

Description:   Opened: 2006-05-08 06:02 0000
Original advisory:
http://sourceforge.net/project/shownotes.php?release_id=415350

SA19987:
Description:
A security issue has been reported in vpopmail, which can be exploited by
malicious people to bypass certain security restrictions.

The security issue is caused due to an error within the handling of SMTP AUTH
and APOP password authentication. This can be exploited to authenticate to the
mail server using a blank password.

Successful exploitation requires that cleartext password authentication is
enabled and that the account does not have a cleartext password set.

The security issue has been reported in versions 5.4.14 and 5.4.15. Prior
versions may also be affected.

Solution:
The security issue has been fixed in development version 5.4.16.
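
The failure mode the advisory describes, as an added example that is not part of the original report and is not vpopmail's code: a challenge-response verifier that treats a missing cleartext password as an empty string, beside a version that fails closed. The account table, the function names and the modelling of the flaw as an empty secret fed to the digest are assumptions made for illustration; the advisory does not give the root cause.

```python
import hashlib
import hmac

# Constructed account table (assumption): "" means no cleartext password is
# stored for the account, the precondition named in the advisory.
ACCOUNTS = {
    "alice@example.org": "correct horse",  # cleartext stored
    "bob@example.org": "",                 # no cleartext stored
}

def apop_digest(challenge: str, secret: str) -> str:
    """APOP (RFC 1939): hex MD5 of the server banner timestamp + shared secret."""
    return hashlib.md5((challenge + secret).encode()).hexdigest()

def cram_md5_digest(challenge: str, secret: str) -> str:
    """CRAM-MD5 (RFC 2195): hex HMAC-MD5 of the challenge, keyed by the secret."""
    return hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()

def verify_unsafe(user, challenge, response, digest=apop_digest):
    """Flawed pattern: an unset secret silently becomes the empty string,
    so a response computed over a blank password matches."""
    secret = ACCOUNTS.get(user) or ""
    return hmac.compare_digest(digest(challenge, secret), response)

def verify_hardened(user, challenge, response, digest=apop_digest):
    """Fail closed: without a stored cleartext secret, challenge-response
    authentication cannot succeed for this account."""
    secret = ACCOUNTS.get(user)
    if not secret:
        return False
    return hmac.compare_digest(digest(challenge, secret), response)
```

Both mechanisms need the server to hold the cleartext secret, which is why the check belongs before the digest is computed rather than after the comparison.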

------- Comment #1 From Raphael Marichez 2006-05-08 06:13:02 0000 -------
5.4.16 is available correcting the issue, please provide a new ebuild :)

------- Comment #2 From Jory A. Pratt 2006-05-08 15:16:15 0000 -------
Committed to tree, go ahead and mark stable.

------- Comment #3 From Torsten Veller 2006-05-09 06:38:07 0000 -------
stable on x86

------- Comment #4 From Gustavo Zacarias (RETIRED) 2006-05-09 06:57:12 0000 -------
da sparc stable.

------- Comment #5 From René Nussbaumer 2006-05-10 11:25:25 0000 -------
stable on hppa

------- Comment #6 From Thomas Cort (RETIRED) 2006-05-10 11:47:42 0000 -------
amd64 done.

------- Comment #7 From Tobias Scherbaum 2006-05-11 05:35:22 0000 -------
ppc stable

------- Comment #8 From Stefan Cornelius (RETIRED) 2006-05-11 05:38:43 0000 -------
ready for glsa-vote. tend to say no.

------- Comment #9 From Sune Kloppenborg Jeppesen 2006-05-11 09:16:38 0000 -------
I tend to vote NO too.

------- Comment #10 From Raphael Marichez 2006-05-11 22:32:54 0000 -------
Same, I tend to vote no.

------- Comment #11 From Thierry Carrez (RETIRED) 2006-05-13 09:48:56 0000 -------
Voting no and closing.
