aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authornectar <nectar@FreeBSD.org>2005-06-04 03:29:42 +0800
committernectar <nectar@FreeBSD.org>2005-06-04 03:29:42 +0800
commitda520f643b44b7e442e048c2aadb27a3ec122718 (patch)
treecaf3694256480fa67385385a7f5fa3385861ee28
parentd931065869284c9a718f5a566e8d78d7544d8ca2 (diff)
downloadfreebsd-ports-gnome-da520f643b44b7e442e048c2aadb27a3ec122718.tar.gz
freebsd-ports-gnome-da520f643b44b7e442e048c2aadb27a3ec122718.tar.zst
freebsd-ports-gnome-da520f643b44b7e442e048c2aadb27a3ec122718.zip
Document an authentication bypass vulnerability in imap-uw.
Diffstat
-rw-r--r--security/vuxml/vuln.xml27
1 files changed, 27 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 488f88e15c08..d3087b7ac779 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -32,6 +32,33 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="d1bbc235-c0c9-45cd-8d2d-c1b8fd22e616">
+ <topic>imap-uw -- authentication bypass when CRAM-MD5 is enabled</topic>
+ <affects>
+ <package>
+ <name>imap-uw</name>
+ <range><lt>2004b,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The CRAM-MD5 authentication support of the University of
+ Washington IMAP and POP3 servers contains a vulnerability that
+ may allow an attacker to bypass authentication and impersonate
+ arbitrary users. Only installations with CRAM-MD5 support
+ configured are affected.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CAN-2005-0198</cvename>
+ <certvu>702777</certvu>
+ </references>
+ <dates>
+ <discovery>2005-01-04</discovery>
+ <entry>2005-06-03</entry>
+ </dates>
+ </vuln>
+
<vuln vid="5bf1a715-cc57-440f-b0a5-6406961c54a7">
<topic>squid -- denial-of-service vulnerabilities</topic>
<affects>
generated by cgit (git 2.34.1) at 2024-11-25 21:22:03 +0800