Subject: Caldera Security Advisory 97.01: Vulnerability in POP and IMAP daemons

Caldera Security Advisory SA-97.01
March 4th, 1997

Topic: Vulnerability in POP and IMAP daemons

I. Problem Description

   A vulnerability exists within IMAP and POP daemons that will allow
   arbitrary individuals to obtain root access to servers running these
   daemons.

II. Impact

   On systems such as Caldera OpenLinux 1.0, an unprivileged user can
   obtain root access.

III. Solution

   As a temporary workaround, you can disable the POP and IMAP services
   in /etc/inetd.conf, and then kill and restart inetd.

   A better solution is to install the new RPM package that contains the
   fixed versions of the IMAP and POP daemons. They are located on
   Caldera's FTP server (ftp.caldera.com):

      /pub/openlinux/updates/1.0/006/RPMS/imap-4.1.BETA-1.i386.rpm

   The MD5 checksum (from the "md5sum" command) for this package is:

      45a758dfd30f6d0291325894f9ec4c18

IV. References

   This and other Caldera security resources are located at:

      http://www.caldera.com/tech-ref/security/

   This advisory is based on the Security Advisory dated 2-Mar-1997 from
   Secure Networks Inc. For more information see: http://www.secnet.com.
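
The Section III workaround and the checksum comparison, written as shell functions (an added example, not part of Caldera's advisory). It assumes the inetd.conf service names begin with "pop" or "imap"; the function names are illustrative and the sample configuration lines are constructed.

```shell
#!/bin/sh
ADVISORY_MD5=45a758dfd30f6d0291325894f9ec4c18   # checksum quoted in Section III
RPM=imap-4.1.BETA-1.i386.rpm                    # package file name from Section III

# Comment out active POP/IMAP entries in an inetd.conf-style file.
# Assumption: the service name (first field) starts with "pop" or "imap"
# (e.g. pop-2, pop-3, imap); check the names your own file uses.
disable_mail_services() {
    conf=$1
    cp -p "$conf" "$conf.bak" || return 1       # keep a rollback copy
    sed -E 's/^[[:space:]]*((pop|imap)[^[:space:]]*[[:space:]])/#DISABLED SA-97.01# \1/' \
        "$conf.bak" > "$conf"
}

# Count POP/IMAP entries that are still active (not commented out).
active_mail_services() {
    grep -Ec '^[[:space:]]*(pop|imap)' "$1" || :
}

# Succeeds only if the file's MD5 equals the expected hex digest.
verify_md5() {
    [ -r "$1" ] || return 2
    actual=$(md5sum < "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# Demo on constructed sample lines (not taken from a real system).
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a
pop-3   stream  tcp  nowait  root  /usr/sbin/tcpd  ipop3d
imap    stream  tcp  nowait  root  /usr/sbin/tcpd  imapd
#pop-2  stream  tcp  nowait  root  /usr/sbin/tcpd  ipop2d
EOF
    disable_mail_services "$tmp"
    echo "active POP/IMAP entries left: $(active_mail_services "$tmp")"
    cat "$tmp"; rm -f "$tmp" "$tmp.bak"
}
demo

# On the real host: run disable_mail_services /etc/inetd.conf as root, then
# kill and restart inetd as the advisory says. Before installing the update,
# refuse the package unless the checksum matches:
#   verify_md5 "$RPM" "$ADVISORY_MD5" && rpm -U "$RPM"
```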