SecurityTracker.com
SecurityTracker Archives

Category:   Application (E-mail Server)  >   Cyrus IMAP Server
Vendors:   Carnegie Mellon University
(Mandrake Issues Fix) Cyrus IMAP 'imap magic plus' Buffer Overflow Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1012331
SecurityTracker URL:  http://securitytracker.com/id/1012331
CVE Reference:   CVE-2004-1015
Date:  Nov 26 2004
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 2.2.9 and prior versions
Description:   A buffer overflow vulnerability was reported in Cyrus IMAP in proxyd. A remote user can execute arbitrary code.

It is reported that the 'imap magic plus' support code contains a buffer overflow that can be triggered by a remote user prior to authentication.

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   Mandrake has released a fix.

Mandrakelinux 10.0:
d24a96383803817c7bc4873eddd788c5 10.0/RPMS/cyrus-imapd-2.1.16-5.3.100mdk.i586.rpm
4e2abc98c3467167e7d1e80c8673e627 10.0/RPMS/cyrus-imapd-devel-2.1.16-5.3.100mdk.i586.rpm
c86e00c698a0c1c6a86b72822822a21d 10.0/RPMS/cyrus-imapd-murder-2.1.16-5.3.100mdk.i586.rpm
7ad76d69b422fe93b819290dbb19d9c3 10.0/RPMS/cyrus-imapd-utils-2.1.16-5.3.100mdk.i586.rpm
96fd3591c761678893f43e86579a126d 10.0/RPMS/perl-Cyrus-2.1.16-5.3.100mdk.i586.rpm
89a64ea4af5fb2b3867e15abe1f38813 10.0/SRPMS/cyrus-imapd-2.1.16-5.3.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
8c0a0ae9b8af0e852ff537790bb78b79 amd64/10.0/RPMS/cyrus-imapd-2.1.16-5.3.100mdk.amd64.rpm
54e359a8a63cf94d35cdda65455d8c2a amd64/10.0/RPMS/cyrus-imapd-devel-2.1.16-5.3.100mdk.amd64.rpm
560d64e9c9db0f0aa7d20223b525a30e amd64/10.0/RPMS/cyrus-imapd-murder-2.1.16-5.3.100mdk.amd64.rpm
f283e5fa417f62422cceed597972158f amd64/10.0/RPMS/cyrus-imapd-utils-2.1.16-5.3.100mdk.amd64.rpm
547ae80ca8ef2a37f6afd877bc89b324 amd64/10.0/RPMS/perl-Cyrus-2.1.16-5.3.100mdk.amd64.rpm
89a64ea4af5fb2b3867e15abe1f38813 amd64/10.0/SRPMS/cyrus-imapd-2.1.16-5.3.100mdk.src.rpm

Mandrakelinux 10.1:
d8789ade849ca9fa4ca29320c538ec7d 10.1/RPMS/cyrus-imapd-2.2.8-4.1.101mdk.i586.rpm
2d10d7a5405712dc6fa60e0c751e6935 10.1/RPMS/cyrus-imapd-devel-2.2.8-4.1.101mdk.i586.rpm
a9bb0d482e65acfc4c0b55aa8449e61c 10.1/RPMS/cyrus-imapd-murder-2.2.8-4.1.101mdk.i586.rpm
5bd8c7ea1891db4d8eb9dd691480a0df 10.1/RPMS/cyrus-imapd-nntp-2.2.8-4.1.101mdk.i586.rpm
6a62e104fd24f40b85b673529aa82b38 10.1/RPMS/cyrus-imapd-utils-2.2.8-4.1.101mdk.i586.rpm
865c36af331c9bd111fd20d0d777a674 10.1/RPMS/perl-Cyrus-2.2.8-4.1.101mdk.i586.rpm
031465e275846f22279d4817f3b2a12d 10.1/SRPMS/cyrus-imapd-2.2.8-4.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
14302a4c19f67e797cf02278c2ac42c6 x86_64/10.1/RPMS/cyrus-imapd-2.2.8-4.1.101mdk.x86_64.rpm
b4e6c99bfdeac90e16475eec2e651b0e x86_64/10.1/RPMS/cyrus-imapd-devel-2.2.8-4.1.101mdk.x86_64.rpm
38a0a974e95c96787bc857bb358afa84 x86_64/10.1/RPMS/cyrus-imapd-murder-2.2.8-4.1.101mdk.x86_64.rpm
bf5d0e23fa0a4ebbd1a46277621a4bb8 x86_64/10.1/RPMS/cyrus-imapd-nntp-2.2.8-4.1.101mdk.x86_64.rpm
b9f2f06d42079cb81221688d46c34446 x86_64/10.1/RPMS/cyrus-imapd-utils-2.2.8-4.1.101mdk.x86_64.rpm
f71573be7c4c32bf330ea105dff7df8b x86_64/10.1/RPMS/perl-Cyrus-2.2.8-4.1.101mdk.x86_64.rpm
031465e275846f22279d4817f3b2a12d x86_64/10.1/SRPMS/cyrus-imapd-2.2.8-4.1.101mdk.src.rpm

Vendor URL:  asg.web.cmu.edu/cyrus/
Cause:   Boundary error
Underlying OS:  Linux (Mandriva/Mandrake)
Underlying OS Comments:  10.0, 10.1

Message History:   This archive entry is a follow-up to the message listed below.
Nov 25 2004 Cyrus IMAP 'imap magic plus' Buffer Overflow Lets Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  [Security Announce] MDKSA-2004:139 - Updated cyrus-imapd packages


 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           cyrus-imapd
 Advisory ID:            MDKSA-2004:139
 Date:                   November 25th, 2004

 Affected versions:      10.0, 10.1
 ______________________________________________________________________

 Problem Description:

 A number of vulnerabilities in the Cyrus-IMAP server were found by
 Stefan Esser.  Due to insufficient checking within the argument
 parser of the 'partial' and 'fetch' commands, a buffer overflow could
 be exploited to execute arbitrary attacker-supplied code.  Another
 exploitable buffer overflow could be triggered in situations when
 memory allocation fails.

 The provided packages have been patched to prevent these problems.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1011
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1012
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1013
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1015
 ______________________________________________________________________


 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.
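As an added example (not code from SecurityTracker or the Mandrake advisory), the following Python helper parses an "Updated Packages" block in the advisory's "<md5>  <path>" layout, splits the RPM filename into name/version/release/arch, and checks a downloaded file's MD5 against the listed value; the sample block reuses two lines from the advisory, and the file bytes used for verification are constructed. The upstream-version helper encodes the "2.2.9 and prior" range stated on this page and exists only to show why the full name-version-release, not the upstream number, must be matched against the advisory.

```python
import hashlib
import hmac
import re

# Added example, not part of the SecurityTracker page or the Mandrake advisory.
# Checksum lines: 32 hex chars, whitespace, relative RPM path; each group sits
# under a "Mandrakelinux <release>:" header.
CHECKSUM_RE = re.compile(r"^([0-9a-f]{32})\s+(\S+\.rpm)$")
HEADER_RE = re.compile(r"^(Mandrakelinux [^:]+):$")

# Two lines copied from the advisory's 10.1 group (sample input for the parser).
ADVISORY_BLOCK = """\
Mandrakelinux 10.1:
d8789ade849ca9fa4ca29320c538ec7d  10.1/RPMS/cyrus-imapd-2.2.8-4.1.101mdk.i586.rpm
031465e275846f22279d4817f3b2a12d  10.1/SRPMS/cyrus-imapd-2.2.8-4.1.101mdk.src.rpm
"""


def parse_checksum_block(text):
    """Return {relative_path: (md5hex, distro)} for every checksum line."""
    entries, distro = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER_RE.match(line):
            distro = m.group(1)
        elif m := CHECKSUM_RE.match(line):
            entries[m.group(2)] = (m.group(1), distro)
    return entries


def split_rpm_filename(path):
    """name-version-release.arch.rpm -> (name, version, release, arch)."""
    stem, arch = path.rsplit("/", 1)[-1][: -len(".rpm")].rsplit(".", 1)
    name, version, release = stem.rsplit("-", 2)
    return name, version, release, arch


def upstream_version_in_affected_range(version, last_affected="2.2.9"):
    """True if an unpatched upstream Cyrus IMAP of this version is in the
    "2.2.9 and prior" range. A distro build such as 2.2.8-4.1.101mdk keeps
    the old upstream number after the backported fix, so the full
    name-version-release must be compared against the advisory list instead."""
    as_tuple = lambda v: tuple(int(x) for x in v.split("."))
    return as_tuple(version) <= as_tuple(last_affected)


def md5_hex(data):
    return hashlib.md5(data).hexdigest()


def verify_bytes(data, expected_md5):
    """Compare a downloaded file's MD5 with the advisory value. MD5 only
    detects corruption; the GPG signature is what authenticates the package."""
    return hmac.compare_digest(md5_hex(data), expected_md5.lower())
```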

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
Copyright 2019, SecurityGlobal.net LLC