DESCRIPTION cyrus-imapd is an IMAP and POP3 mail server with several advanced features such as SASL authentication, server-side mail filtering, mailbox ACLs and others.
Stefan Esser from e-matters security recently published several vulnerabilities in cyrus-imapd:
(if not mentioned otherwise, all vulnerabilities affect both Conectiva Linux 9 and 10)
1. "imapmagicplus" buffer overflow (CAN-2004-1011) If the "imapmagicplus" option is enabled in the server's configuration file, then the LOGIN and PROXY commands can be abused to cause a buffer overflow, allowing remote unauthenticated attackers to execute arbitrary code as the "cyrus" user.
Later on it has been found that the proxyd service also suffered (CAN-2004-1015) from the same problem.
Conectiva Linux 9 is not affected by these vulnerabilities.
2. PARTIAL command vulnerability (CAN-2004-1012) The PARTIAL command parser has a vulnerability which would allow authenticated users to cause a memory corruption and possibly execute arbitrary code as the "cyrus" user.
3. FETCH command vulnerability (CAN-2004-1013) The FETCH command parser has a vulnerability which would allow authenticated users to cause a memory corruption and possibly execute arbitrary code as the "cyrus" user.
All these vulnerabilities have been fixed upstream with new versions of cyrus-imapd: 2.2.10 for the 2.2.x branch and 2.1.17 for the 2.1.x branch.
Below are additional changes in our RPM packages: - for CL10: SNMP support has been removed. It needs a newer net-snmp library than the one that is currently being shipped; - for CL10: the script which attempts to convert the imapd.conf configuration file from 2.1.x to the 2.2.x format has been fixed. Previously it would mangle TLS directives; - for CL9: the init script has been fixed to allow GSSAPI authentication and also to restart the server if it was already running; - for CL9: the cyrus-imapd package now explicitly conflicts with uw-imap-server and uw-pop-server.
SOLUTION It is recommended that all cyrus-imapd users upgrade their packages. The service will be automatically restarted after the upgrade if needed.