CVE-2005-0198

Publication date 2 May 2005

Last updated 24 July 2024

Ubuntu priority

A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
uw-imap	7.04 feisty	Fixed 2002edebian1-13
	6.10 edgy	Fixed 2002edebian1-13
	6.06 LTS dapper	Fixed 2002edebian1-13

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2005-0198