Newsgroups: mailing.unix.bugtraq
From: sec...@conectiva.com.br (Conectiva Updates)
Date: Thu, 2 Dec 2004 05:22:50 +0800 (CST)
Local: Wed, Dec 1 2004 4:22 pm
Subject: [CLA-2004:904] Conectiva Security Announcement - cyrus-imapd
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE   : cyrus-imapd
SUMMARY   : Multiple vulnerabilities in cyrus-imapd
DATE      : 2004-12-01 18:21:00
ID        : CLA-2004:904
RELEVANT RELEASES : 9, 10

- -------------------------------------------------------------------------

DESCRIPTION
 cyrus-imapd[1] is an IMAP and POP3 mail server with several advanced
 features such as SASL authentication, server-side mail filtering,
 mailbox ACLs and others.

 Stefan Esser of e-matters security recently published[2] several
 vulnerabilities in cyrus-imapd:

 (unless stated otherwise, every vulnerability below affects both
 Conectiva Linux 9 and 10)

 1. "imapmagicplus" buffer overflow (CAN-2004-1011)[3]
 If the "imapmagicplus" option is enabled in the server's
 configuration file, the LOGIN and PROXY commands can be abused to
 overflow a buffer, allowing remote, unauthenticated attackers to
 execute arbitrary code as the "cyrus" user.

 It was later found that the proxyd service suffers from the same
 problem[6] (CAN-2004-1015).

 Conectiva Linux 9 is not affected by these two vulnerabilities.

 2. PARTIAL command vulnerability (CAN-2004-1012)[4]
 A flaw in the PARTIAL command parser allows authenticated users to
 corrupt memory and possibly execute arbitrary code as the "cyrus"
 user.

 3. FETCH command vulnerability (CAN-2004-1013)[5]
 A flaw in the FETCH command parser likewise allows authenticated users
 to corrupt memory and possibly execute arbitrary code as the "cyrus"
 user.

 All these vulnerabilities have been fixed upstream with new versions
 of cyrus-imapd: 2.2.10 for the 2.2.x branch and 2.1.17 for the 2.1.x
 branch.

 Below are additional changes in our RPM packages:
 - for CL10: SNMP support has been removed. It needs a newer net-snmp
 library than the one that is currently being shipped;
 - for CL10: the script which attempts to convert the imapd.conf
 configuration file from 2.1.x to the 2.2.x format has been fixed.
 Previously it would mangle TLS directives;
 - for CL9: the init script has been fixed to allow GSSAPI
 authentication and also to restart the server if it was already
 running;
 - for CL9: the cyrus-imapd package now explicitly conflicts with
 uw-imap-server and uw-pop-server.

SOLUTION
 It is recommended that all cyrus-imapd users upgrade their packages.
 The service will be automatically restarted after the upgrade if
 needed.
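 As an added example (not part of this advisory or of cyrus-imapd), the
 following POSIX sh script checks an installed cyrus-imapd version against
 the upstream fixed releases named above and reports whether imapd.conf
 turns on "imapmagicplus", the setting that makes the LOGIN/PROXY overflow
 reachable before authentication on an unfixed 2.2.x server. It assumes
 "major.minor.patch" versions with an optional "-release" suffix, that
 branches newer than 2.2 carry the fixes, and that imapd.conf booleans
 are spelled 1/yes/on/t/true; the sample configuration is constructed.

```shell
#!/bin/sh
# Added example; not from the Conectiva advisory or the cyrus-imapd project.
# Compares a cyrus-imapd version with the fixed upstream releases (2.2.10
# for 2.2.x, 2.1.17 for 2.1.x) and looks for "imapmagicplus" in imapd.conf.
# Assumptions: versions are "major.minor.patch[-release]" (e.g. output of
# rpm -q --qf '%{VERSION}-%{RELEASE}' cyrus-imapd); branches newer than 2.2
# are assumed fixed; imapd.conf booleans are assumed to be 1/yes/on/t/true.

# cyrus_fixed VERSION -> exit 0 if VERSION is at or above the fixed release
cyrus_fixed() {
    ver=${1%%-*}                           # drop the packaging release suffix
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0      # no third component given
    case "$major.$minor" in
        2.2) [ "$patch" -ge 10 ] ;;
        2.1) [ "$patch" -ge 17 ] ;;
        *)   [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -gt 2 ]; } ;;
    esac
}

# imapmagicplus_enabled FILE -> exit 0 if the option is switched on in FILE
imapmagicplus_enabled() {
    # imapd.conf syntax is "option: value"; lines starting with # are comments
    grep -Eiq '^[[:space:]]*imapmagicplus[[:space:]]*:[[:space:]]*(1|yes|on|t|true)[[:space:]]*$' "$1"
}

# cyrus_status VERSION FILE -> prints a verdict; exit 0 only if nothing to do
cyrus_status() {
    if cyrus_fixed "$1"; then
        echo "cyrus-imapd $1: fixed release, no action needed"
        return 0
    fi
    echo "cyrus-imapd $1: unfixed, upgrade (apt-get update; apt-get upgrade)"
    case "${1%%-*}" in
        2.2.*) imapmagicplus_enabled "$2" &&
               echo "$2 enables imapmagicplus: overflow reachable without login" ;;
    esac
    return 1
}

# Constructed sample input: a minimal imapd.conf with the risky option on.
conf=$(mktemp)
printf 'configdirectory: /var/lib/imap\nimapmagicplus: yes\n' > "$conf"
cyrus_status 2.2.8 "$conf"                 # unfixed 2.2.x with imapmagicplus
cyrus_status 2.2.10 "$conf"                # fixed release
rm -f "$conf"
```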

REFERENCES
 1. http://asg.web.cmu.edu/cyrus/imapd/
 2. http://security.e-matters.de/advisories/152004.html
 3. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1011
 4. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1012
 5. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1013
 6. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1015
 7. http://asg.web.cmu.edu/cyrus/download/imapd/changes.html

UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/cyrus-imapd-2.2.10-62338...
ftp://atualizacoes.conectiva.com.br/10/RPMS/cyrus-imapd-2.2.10-62338U...
ftp://atualizacoes.conectiva.com.br/10/RPMS/cyrus-imapd-devel-2.2.10-...
ftp://atualizacoes.conectiva.com.br/10/RPMS/cyrus-imapd-devel-static-...
ftp://atualizacoes.conectiva.com.br/10/RPMS/cyrus-imapd-doc-2.2.10-62...
ftp://atualizacoes.conectiva.com.br/9/SRPMS/cyrus-imapd-2.1.17-28805U...
ftp://atualizacoes.conectiva.com.br/9/RPMS/cyrus-imapd-2.1.17-28805U9...
ftp://atualizacoes.conectiva.com.br/9/RPMS/cyrus-imapd-devel-2.1.17-2...
ftp://atualizacoes.conectiva.com.br/9/RPMS/cyrus-imapd-devel-static-2...

ADDITIONAL INSTRUCTIONS
 The apt tool can be used to perform RPM package upgrades:

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions regarding the use of apt and upgrade examples
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscr...@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscr...@papaleguas.conectiva.com.br