SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Server)  >   Cyrus IMAP Server Vendors:   Carnegie Mellon University
Cyrus IMAPd Buffer Overflows in Annotate Extension, Cached Header, and Fetchnews May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1013278
SecurityTracker URL:  http://securitytracker.com/id/1013278
CVE Reference:   CVE-2005-0546   (Links to External Site)
Updated:  May 17 2005
Original Entry Date:  Feb 24 2005
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 2.2.11
Description:   Some buffer overflow vulnerabilities were reported in Cyrus IMAPd. A remote authenticated user may be able to execute arbitrary code.

There are some single byte buffer overflows in the imap annotate extension functions and in the processing of cached headers. A remote authenticated user can invoke these functions to trigger the buffer overflow.

There is also a buffer overflow in the fetchnews function. A news administrator on a peer news system can trigger this buffer overflow.

Sean Larsson is credited with reporting these flaws.

Impact:   A remote authenticated user may be able to execute arbitrary code on the target system with the privileges of the imap service.
Solution:   The vendor has issued a fixed version (2.2.11), available at:

ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz

http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz

Vendor URL:  asg.web.cmu.edu/cyrus/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Feb 24 2005 (Gentoo Issues Fix) Cyrus IMAPd Buffer Overflows in Annotate Extension, Cached Header, and Fetchnews May Let Remote Users Execute Arbitrary Code
Gentoo has released a fix.
Mar 6 2005 (Mandrake Issues Fix) Cyrus IMAPd Buffer Overflows in Annotate Extension, Cached Header, and Fetchnews May Let Remote Users Execute Arbitrary Code
Mandrake has released a fix.
May 17 2005 (Red Hat Issues Fix) Cyrus IMAPd Buffer Overflows in Annotate Extension, Cached Header, and Fetchnews May Let Remote Users Execute Arbitrary Code
Red Hat has released a fix.



 Source Message Contents

Subject:  CyrusIMAPd 2.2.11 Released


I'm pleased to announce the release of Cyrus IMAPd 2.2.11.  This release
implements several bugfixes, including one byte buffer overruns in the 
imap annotate extension and in cached header handling which can be run by 
any authenticated user, and bounds checking in fetchnews which could be 
exploited by a peer news admin.

It contains no new features.

A full list of changes is available in doc/changes.html in the 
distribution.

Download the release at:
ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz
or
http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz

Thanks to Sean Larsson for the reports on the buffer overflows.

Derrick Brashear
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC