SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Server)  >   Cyrus IMAP Server Vendors:   Carnegie Mellon University
(Mandrake Issues Fix) Cyrus IMAPd Buffer Overflows in Annotate Extension, Cached Header, and Fetchnews May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1013381
SecurityTracker URL:  http://securitytracker.com/id/1013381
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Mar 7 2005
Original Entry Date:  Mar 6 2005
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 2.2.11
Description:   Some buffer overflow vulnerabilities were reported in Cyrus IMAPd. A remote authenticated user may be able to execute arbitrary code.

There are some single byte buffer overflows in the imap annotate extension functions and in the processing of cached headers. A remote authenticated user can invoke these functions to trigger the buffer overflow.

There is also a buffer overflow in the fetchnews function. A news administrator on a peer news system can trigger this buffer overflow.

Sean Larsson is credited with reporting these flaws.

Impact:   A remote authenticated user may be able to execute arbitrary code on the target system with the privileges of the imap service.
Solution:   Mandrake has released a fix.

Mandrakelinux 10.0:
15b7624cdc9037f9c4e79c600073ecf8 10.0/RPMS/cyrus-imapd-2.1.16-5.4.100mdk.i586.rpm
05600c038393a440b049b61e561221c3 10.0/RPMS/cyrus-imapd-devel-2.1.16-5.4.100mdk.i586.rpm
785c6f762ef8653dbd94820b0b6381a1 10.0/RPMS/cyrus-imapd-murder-2.1.16-5.4.100mdk.i586.rpm
c11e66f88672e11d1702725479a7f0d5 10.0/RPMS/cyrus-imapd-utils-2.1.16-5.4.100mdk.i586.rpm
71aa4e964c66ad49b2ae669cbb6e9bd1 10.0/RPMS/perl-Cyrus-2.1.16-5.4.100mdk.i586.rpm
ffeeb4eb0f65ca39e11c180601a35d68 10.0/SRPMS/cyrus-imapd-2.1.16-5.4.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
e8c78f838cca93171d2f8cd5c8c9a879 amd64/10.0/RPMS/cyrus-imapd-2.1.16-5.4.100mdk.amd64.rpm
e5477d6d98bc82e9ab8c1a839055cc43 amd64/10.0/RPMS/cyrus-imapd-devel-2.1.16-5.4.100mdk.amd64.rpm
a89538a6bc145fec9e2b6b17e37d2e5e amd64/10.0/RPMS/cyrus-imapd-murder-2.1.16-5.4.100mdk.amd64.rpm
52b24414eee9d6fea4fe2ddf4f27bd1f amd64/10.0/RPMS/cyrus-imapd-utils-2.1.16-5.4.100mdk.amd64.rpm
f802162383bf61b4d9187e180b2c2bf1 amd64/10.0/RPMS/perl-Cyrus-2.1.16-5.4.100mdk.amd64.rpm
ffeeb4eb0f65ca39e11c180601a35d68 amd64/10.0/SRPMS/cyrus-imapd-2.1.16-5.4.100mdk.src.rpm

Mandrakelinux 10.1:
f6cdca31a854112c2ca5f74776776f1c 10.1/RPMS/cyrus-imapd-2.2.8-4.2.101mdk.i586.rpm
8b5794bf11f4b7999830efa69e2d28f8 10.1/RPMS/cyrus-imapd-devel-2.2.8-4.2.101mdk.i586.rpm
4c11340d7e1f25bd0ab640a6d716ddd0 10.1/RPMS/cyrus-imapd-murder-2.2.8-4.2.101mdk.i586.rpm
0f0e1f74726f916c0e34f2d297f7fb98 10.1/RPMS/cyrus-imapd-nntp-2.2.8-4.2.101mdk.i586.rpm
e336fb5ddea4b2b97e91aad061293160 10.1/RPMS/cyrus-imapd-utils-2.2.8-4.2.101mdk.i586.rpm
3a9335988510ec620e6a111f92aefb48 10.1/RPMS/perl-Cyrus-2.2.8-4.2.101mdk.i586.rpm
525da02530ca95c483aca8267b759219 10.1/SRPMS/cyrus-imapd-2.2.8-4.2.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
230bb0fcbe79666f2e7a58d86320277e x86_64/10.1/RPMS/cyrus-imapd-2.2.8-4.2.101mdk.x86_64.rpm
7b9c9cd889f294a04952d6e4491ac8bf x86_64/10.1/RPMS/cyrus-imapd-devel-2.2.8-4.2.101mdk.x86_64.rpm
d859ab07c750bfdfd50f770bd7e3c54d x86_64/10.1/RPMS/cyrus-imapd-murder-2.2.8-4.2.101mdk.x86_64.rpm
1b88303a5c38ebf4dfff3867d95db3cf x86_64/10.1/RPMS/cyrus-imapd-nntp-2.2.8-4.2.101mdk.x86_64.rpm
82ae917972b5cf748d7ba2401da0ec83 x86_64/10.1/RPMS/cyrus-imapd-utils-2.2.8-4.2.101mdk.x86_64.rpm
b8c33ab3333f8c6757bc554f1b735d8f x86_64/10.1/RPMS/perl-Cyrus-2.2.8-4.2.101mdk.x86_64.rpm
525da02530ca95c483aca8267b759219 x86_64/10.1/SRPMS/cyrus-imapd-2.2.8-4.2.101mdk.src.rpm

Corporate 3.0:
5f9b9b9352a4bf01e1d7d60bc0b2acd4 corporate/3.0/RPMS/cyrus-imapd-2.1.16-5.4.C30mdk.i586.rpm
611e40f49b42c9bef517f577ae84e118 corporate/3.0/RPMS/cyrus-imapd-devel-2.1.16-5.4.C30mdk.i586.rpm
c5a7d27fec6bf10bc5a423d5228c3c97 corporate/3.0/RPMS/cyrus-imapd-murder-2.1.16-5.4.C30mdk.i586.rpm
ddaafa645b1052c4008805a6755983c6 corporate/3.0/RPMS/cyrus-imapd-utils-2.1.16-5.4.C30mdk.i586.rpm
00b8785bd521991143ab1dac0d5862c1 corporate/3.0/RPMS/perl-Cyrus-2.1.16-5.4.C30mdk.i586.rpm
709aa090996e807f3370552cb810f15e corporate/3.0/SRPMS/cyrus-imapd-2.1.16-5.4.C30mdk.src.rpm

Corporate 3.0/X86_64:
b6b638cfe6bffc99873d5ee0b0fcd8d0 x86_64/corporate/3.0/RPMS/cyrus-imapd-2.1.16-5.4.C30mdk.x86_64.rpm
2f4d38c95aaf387e3d60c3ccf5fa16eb x86_64/corporate/3.0/RPMS/cyrus-imapd-devel-2.1.16-5.4.C30mdk.x86_64.rpm
47e1de6c31502c7b799eff36a555b5bd x86_64/corporate/3.0/RPMS/cyrus-imapd-murder-2.1.16-5.4.C30mdk.x86_64.rpm
dfbb236b3d834829b29ddcb49a0261b0 x86_64/corporate/3.0/RPMS/cyrus-imapd-utils-2.1.16-5.4.C30mdk.x86_64.rpm
74c7c8947715bf3c911b691afc46c8ea x86_64/corporate/3.0/RPMS/perl-Cyrus-2.1.16-5.4.C30mdk.x86_64.rpm
709aa090996e807f3370552cb810f15e x86_64/corporate/3.0/SRPMS/cyrus-imapd-2.1.16-5.4.C30mdk.src.rpm

Vendor URL:  asg.web.cmu.edu/cyrus/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Mandriva/Mandrake)
Underlying OS Comments:  10.0, 10.1, Corporate 3.0

Message History:   This archive entry is a follow-up to the message listed below.
Feb 24 2005 Cyrus IMAPd Buffer Overflows in Annotate Extension, Cached Header, and Fetchnews May Let Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  [Security Announce] MDKSA-2005:051 - Updated cyrus-imapd packages


This is a multi-part message in MIME format...

------------=_1109976243-593-1029

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           cyrus-imapd
 Advisory ID:            MDKSA-2005:051
 Date:                   March 4th, 2005

 Affected versions:	 10.0, 10.1, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 Several overruns have been fixed in the IMAP annote extension as well
 as in cached header handling which can be run by an authenticated
 user.  As well, additional bounds checking in fetchnews was improved
 to avoid exploitation by a peer news admin.
 _______________________________________________________________________

 References:

  http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=33723
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 15b7624cdc9037f9c4e79c600073ecf8  10.0/RPMS/cyrus-imapd-2.1.16-5.4.100mdk.i586.rpm
 05600c038393a440b049b61e561221c3  10.0/RPMS/cyrus-imapd-devel-2.1.16-5.4.100mdk.i586.rpm
 785c6f762ef8653dbd94820b0b6381a1  10.0/RPMS/cyrus-imapd-murder-2.1.16-5.4.100mdk.i586.rpm
 c11e66f88672e11d1702725479a7f0d5  10.0/RPMS/cyrus-imapd-utils-2.1.16-5.4.100mdk.i586.rpm
 71aa4e964c66ad49b2ae669cbb6e9bd1  10.0/RPMS/perl-Cyrus-2.1.16-5.4.100mdk.i586.rpm
 ffeeb4eb0f65ca39e11c180601a35d68  10.0/SRPMS/cyrus-imapd-2.1.16-5.4.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 e8c78f838cca93171d2f8cd5c8c9a879  amd64/10.0/RPMS/cyrus-imapd-2.1.16-5.4.100mdk.amd64.rpm
 e5477d6d98bc82e9ab8c1a839055cc43  amd64/10.0/RPMS/cyrus-imapd-devel-2.1.16-5.4.100mdk.amd64.rpm
 a89538a6bc145fec9e2b6b17e37d2e5e  amd64/10.0/RPMS/cyrus-imapd-murder-2.1.16-5.4.100mdk.amd64.rpm
 52b24414eee9d6fea4fe2ddf4f27bd1f  amd64/10.0/RPMS/cyrus-imapd-utils-2.1.16-5.4.100mdk.amd64.rpm
 f802162383bf61b4d9187e180b2c2bf1  amd64/10.0/RPMS/perl-Cyrus-2.1.16-5.4.100mdk.amd64.rpm
 ffeeb4eb0f65ca39e11c180601a35d68  amd64/10.0/SRPMS/cyrus-imapd-2.1.16-5.4.100mdk.src.rpm

 Mandrakelinux 10.1:
 f6cdca31a854112c2ca5f74776776f1c  10.1/RPMS/cyrus-imapd-2.2.8-4.2.101mdk.i586.rpm
 8b5794bf11f4b7999830efa69e2d28f8  10.1/RPMS/cyrus-imapd-devel-2.2.8-4.2.101mdk.i586.rpm
 4c11340d7e1f25bd0ab640a6d716ddd0  10.1/RPMS/cyrus-imapd-murder-2.2.8-4.2.101mdk.i586.rpm
 0f0e1f74726f916c0e34f2d297f7fb98  10.1/RPMS/cyrus-imapd-nntp-2.2.8-4.2.101mdk.i586.rpm
 e336fb5ddea4b2b97e91aad061293160  10.1/RPMS/cyrus-imapd-utils-2.2.8-4.2.101mdk.i586.rpm
 3a9335988510ec620e6a111f92aefb48  10.1/RPMS/perl-Cyrus-2.2.8-4.2.101mdk.i586.rpm
 525da02530ca95c483aca8267b759219  10.1/SRPMS/cyrus-imapd-2.2.8-4.2.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 230bb0fcbe79666f2e7a58d86320277e  x86_64/10.1/RPMS/cyrus-imapd-2.2.8-4.2.101mdk.x86_64.rpm
 7b9c9cd889f294a04952d6e4491ac8bf  x86_64/10.1/RPMS/cyrus-imapd-devel-2.2.8-4.2.101mdk.x86_64.rpm
 d859ab07c750bfdfd50f770bd7e3c54d  x86_64/10.1/RPMS/cyrus-imapd-murder-2.2.8-4.2.101mdk.x86_64.rpm
 1b88303a5c38ebf4dfff3867d95db3cf  x86_64/10.1/RPMS/cyrus-imapd-nntp-2.2.8-4.2.101mdk.x86_64.rpm
 82ae917972b5cf748d7ba2401da0ec83  x86_64/10.1/RPMS/cyrus-imapd-utils-2.2.8-4.2.101mdk.x86_64.rpm
 b8c33ab3333f8c6757bc554f1b735d8f  x86_64/10.1/RPMS/perl-Cyrus-2.2.8-4.2.101mdk.x86_64.rpm
 525da02530ca95c483aca8267b759219  x86_64/10.1/SRPMS/cyrus-imapd-2.2.8-4.2.101mdk.src.rpm

 Corporate 3.0:
 5f9b9b9352a4bf01e1d7d60bc0b2acd4  corporate/3.0/RPMS/cyrus-imapd-2.1.16-5.4.C30mdk.i586.rpm
 611e40f49b42c9bef517f577ae84e118  corporate/3.0/RPMS/cyrus-imapd-devel-2.1.16-5.4.C30mdk.i586.rpm
 c5a7d27fec6bf10bc5a423d5228c3c97  corporate/3.0/RPMS/cyrus-imapd-murder-2.1.16-5.4.C30mdk.i586.rpm
 ddaafa645b1052c4008805a6755983c6  corporate/3.0/RPMS/cyrus-imapd-utils-2.1.16-5.4.C30mdk.i586.rpm
 00b8785bd521991143ab1dac0d5862c1  corporate/3.0/RPMS/perl-Cyrus-2.1.16-5.4.C30mdk.i586.rpm
 709aa090996e807f3370552cb810f15e  corporate/3.0/SRPMS/cyrus-imapd-2.1.16-5.4.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 b6b638cfe6bffc99873d5ee0b0fcd8d0  x86_64/corporate/3.0/RPMS/cyrus-imapd-2.1.16-5.4.C30mdk.x86_64.rpm
 2f4d38c95aaf387e3d60c3ccf5fa16eb  x86_64/corporate/3.0/RPMS/cyrus-imapd-devel-2.1.16-5.4.C30mdk.x86_64.rpm
 47e1de6c31502c7b799eff36a555b5bd  x86_64/corporate/3.0/RPMS/cyrus-imapd-murder-2.1.16-5.4.C30mdk.x86_64.rpm
 dfbb236b3d834829b29ddcb49a0261b0  x86_64/corporate/3.0/RPMS/cyrus-imapd-utils-2.1.16-5.4.C30mdk.x86_64.rpm
 74c7c8947715bf3c911b691afc46c8ea  x86_64/corporate/3.0/RPMS/perl-Cyrus-2.1.16-5.4.C30mdk.x86_64.rpm
 709aa090996e807f3370552cb810f15e  x86_64/corporate/3.0/SRPMS/cyrus-imapd-2.1.16-5.4.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCKNPimqjQ0CJFipgRAh13AJ4u/uO5sSdIXaQ70lYusdsatCO2fQCfTyz6
i7H+T0VRG5cGivhnfd8OExo=
=zb/p
-----END PGP SIGNATURE-----


------------=_1109976243-593-1029
Content-Type: text/plain; name="message.footer"
Content-Disposition: inline; filename="message.footer"
Content-Transfer-Encoding: 8bit

____________________________________________________
Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
____________________________________________________

------------=_1109976243-593-1029--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC