Hi all,
I wish to advise that a security vulnerability has been
found in perdition which may lead to an attacker being
able to execute arbitrary code on the machine running
perdition without the need for authentication.
Details of the bug can be found at
http://archives.neohapsis.com/archives/fulldisclosure/2007-10/0889.html
A Patch to resolve the problem has been committed to CVS
http://perdition.cvs.sourceforge.net/perdition/perdition/perdition/imap4_in…
A bug-fix release, 1.17.1 has been made. This includes a minimal
set of changes on top of 1.17
http://www.vergenet.net/linux/perdition/download/1.17.1/
There are also interim Debian packages under the URL above.
The bug will be hence forth tracked as CVE-2007-5740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5740
--
Horms
H:
http://www.vergenet.net/~horms/
W:
http://www.valinux.co.jp/en/