Category:   Application (E-mail Server)  >   Cyrus IMAP Server
Vendors:   Carnegie Mellon University
(Fedora Issues Fix for FC3) Cyrus IMAP Server Memory Errors May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1012378
SecurityTracker URL:  http://securitytracker.com/id/1012378
CVE Reference:   CVE-2004-1011, CVE-2004-1012, CVE-2004-1013
Date:  Dec 2 2004
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 2.2.8 and prior versions
Description:   Several vulnerabilities were reported in the Cyrus IMAP server. A remote user can execute arbitrary code on the target system.

Stefan Esser of e-matters GmbH reported a variety of bugs. A remote user can trigger a stack overflow in the PROXY and LOGIN commands when the imapmagicplus option is enabled on the target server [CVE: CVE-2004-1011]. The username value is not properly validated. Versions 2.2.4 - 2.2.8 are affected.

It is also reported that a remote authenticated user can trigger a memory corruption error in the PARTIAL command [CVE: CVE-2004-1012], exploitable in versions 2.2.6 and prior versions. A remote authenticated user can execute arbitrary code.

It is also reported that a remote authenticated user can trigger a memory corruption error in the processing of the FETCH command [CVE: CVE-2004-1013] to execute arbitrary code.

In versions 2.2.7 and 2.2.8, it is also reported that a flaw in processing the MULTIAPPENDS command may cause uninitialized memory to be freed, which may lead to arbitrary code execution.

The vendor was notified on November 6, 2004.

The original advisory is available at:

http://security.e-matters.de/advisories/152004.html

Impact:   A remote user can execute arbitrary code on the target system with the privileges of the imapd process.
Solution:   Fedora has released a fix, available at:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Vendor URL:  asg.web.cmu.edu/cyrus/
Cause:   Boundary error
Underlying OS:  Linux (Red Hat Fedora)
Underlying OS Comments:  FC3

Message History:   This archive entry is a follow-up to the message listed below.
Nov 23 2004 Cyrus IMAP Server Memory Errors May Let Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  [SECURITY] Fedora Core 3 Update: cyrus-imapd-2.2.10-1.fc3


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-487
2004-12-01
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : cyrus-imapd
Version     : 2.2.10                      
Release     : 1.fc3                  
Summary     : A high-performance mail server with IMAP, POP3, NNTP and SIEVE support.
Description :
The cyrus-imapd package contains the core of the Cyrus IMAP server.
It is a scaleable enterprise mail system designed for use from
small to large enterprise environments using standards-based
internet mail technologies.

A full Cyrus IMAP implementation allows a seamless mail and bulletin
board environment to be set up across multiple servers. It differs from
other IMAP server implementations in that it is run on "sealed"
servers, where users are not normally permitted to log in. The mailbox
database is stored in parts of the filesystem that are private to the
Cyrus IMAP server. All user access to mail is through software using
the IMAP, POP3, or KPOP protocols. TLSv1 and SSL are supported for
security.

---------------------------------------------------------------------
Update Information:

Fix several buffer overflow problems that could be used as an exploit.
Fixes the following security advisories:
CAN-2004-1011 CAN-2004-1012 CAN-2004-1013 CAN-2004-1015
---------------------------------------------------------------------
* Tue Nov 30 2004 John Dennis <jdennis@redhat.com> 2.2.10-1.fc3

- update to Simon Matter's 2.2.10 RPM,
  fixes bug #139382, 
  security advisories: CAN-2004-1011 CAN-2004-1012 CAN-2004-1013 CAN-2004-1015

* Wed Nov 24 2004 Simon Matter <simon.matter@invoca.ch>

- updated to 2.2.10

* Tue Nov 23 2004 Simon Matter <simon.matter@invoca.ch>

- updated to 2.2.9

* Fri Nov 19 2004 Simon Matter <simon.matter@invoca.ch>

- changed scripts to use runuser instead of su if available

* Thu Nov 18 2004 Simon Matter <simon.matter@invoca.ch>

- changed requirement for file >= 3.35-1 from BuildPrereq to
  Requires, fixes RedHat's bug #124991
- added acceptinvalidfrom patch to fix RedHat's bug #137705


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------


-- 
John Dennis <jdennis@redhat.com>

--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list
