SecurityTracker.com
Category:   Application (E-mail Server)  >   Cyrus IMAP Server
Vendors:   Carnegie Mellon University
Cyrus IMAP Server Memory Errors May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1012299
SecurityTracker URL:  http://securitytracker.com/id/1012299
CVE Reference:   CVE-2004-1011, CVE-2004-1012, CVE-2004-1013
Date:  Nov 23 2004
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 2.2.8 and prior versions
Description:   Several vulnerabilities were reported in the Cyrus IMAP server. A remote user can execute arbitrary code on the target system.

Stefan Esser of e-matters GmbH reported a variety of bugs. A remote user can trigger a stack overflow in the PROXY and LOGIN commands when the imapmagicplus option is enabled on the target server [CVE: CVE-2004-1011]. The username value is not properly validated. Versions 2.2.4 - 2.2.8 are affected.

It is also reported that a remote authenticated user can trigger a memory corruption error in the PARTIAL command [CVE: CVE-2004-1012], exploitable in versions 2.2.6 and prior versions. A remote authenticated user can execute arbitrary code.

It is also reported that a remote authenticated user can trigger a memory corruption error in the processing of the FETCH command [CVE: CVE-2004-1013] to execute arbitrary code.

In versions 2.2.7 and 2.2.8, it is also reported that a flaw in processing the MULTIAPPENDS command may cause uninitialized memory to be freed, which may lead to arbitrary code execution.

The vendor was notified on November 6, 2004.

The original advisory is available at:

http://security.e-matters.de/advisories/152004.html

Impact:   A remote user can execute arbitrary code on the target system with the privileges of the imapd process.
Solution:   The vendor has issued a fixed version (2.2.9), available at:

http://asg.web.cmu.edu/cyrus/download/

Vendor URL:  asg.web.cmu.edu/cyrus/
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Nov 25 2004 (Debian Issues Fix) Cyrus IMAP Server Memory Errors May Let Remote Users Execute Arbitrary Code
Debian has released a fix.
Nov 25 2004 (Mandrake Issues Fix) Cyrus IMAP Server Memory Errors May Let Remote Users Execute Arbitrary Code
Mandrake has released a fix.
Nov 26 2004 (Gentoo Issues Fix) Cyrus IMAP Server Memory Errors May Let Remote Users Execute Arbitrary Code
Gentoo has released a fix.
Dec 2 2004 (Conectiva Issues Fix) Cyrus IMAP Server Memory Errors May Let Remote Users Execute Arbitrary Code
Conectiva has released a fix.
Dec 2 2004 (Fedora Issues Fix for FC2) Cyrus IMAP Server Memory Errors May Let Remote Users Execute Arbitrary Code
Fedora has released a fix for Fedora Core 2.
Dec 2 2004 (Fedora Issues Fix for FC3) Cyrus IMAP Server Memory Errors May Let Remote Users Execute Arbitrary Code
Fedora has released a fix for Fedora Core 3.
Mar 22 2005 (Apple Issues Fix for OS X) Cyrus IMAP Server Memory Errors May Let Remote Users Execute Arbitrary Code
Apple has issued a fix for Mac OS X.


