Date: Wed, 1 Aug 2001 15:32:39 -0600
From: supinfo <firstname.lastname@example.org>
Subject: Security Update [CSSA-2001-026.0] Linux - Security problems in imp
Caldera International, Inc. Security Advisory
Subject: Linux - Security problems in imp
Advisory number: CSSA-2001-027.0
Issue date: 2001, July 31
1. Problem Description
There are several security problems with IMP, a PHP based webmail
application, shipped as part of OpenLinux 3.1 Server. These
vulnerabilities allowed attackers to execute commands with the
privileges of the httpd account.
2. Vulnerable Versions
OpenLinux 2.3 not vulnerable
OpenLinux eServer 2.3.1 not vulnerable
and OpenLinux eBuilder
OpenLinux eDesktop 2.4 not vulnerable
OpenLinux Server 3.1 All packages previous to
OpenLinux Workstation 3.1 not vulnerable
If you do not need imp/horde, remove the packages:
rpm -e imp horde
The proper solution is to upgrade to the latest packages.
4. OpenLinux 2.3
5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0
6. OpenLinux eDesktop 2.4
7. OpenLinux 3.1 Server
7.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
The corresponding source code package can be found at:
7.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh horde-1.2.6-1.i386.rpm/ imp-2.2.6-1.i386.rpm/
8. OpenLinux 3.1 Workstation
This and other Caldera security resources are located at:
This security fix closes Caldera's internal Problem Report 10264.
Caldera International, Inc. is not responsible for the misuse of
any of the information we provide on this website and/or through our
security advisories. Our advisories are a service to our customers
intended to promote secure installation and use of Caldera OpenLinux.
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.