Gentoo has acknowledged a vulnerability in courier-imap, which can potentially be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused by incorrect handling of the "XMAILDIR" variable in courier-imapd.indirect and courier-pop3d.indirect. This may be exploited, for example, to execute commands with root privileges by logging in with specially crafted login data.
Solution: Update to "net-mail/courier-imap-4.0.6-r2" or later.
Provided and/or discovered by: CJ Kucera.
Original Advisory: http://www.gentoo.org/security/en/glsa/glsa-200704-18.xml