Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

[ESA-20020607-013] Remote buffer overflow in imap daemon

From: EnGarde Secure Linux <security () guardiandigital com>
Date: Fri, 7 Jun 2002 10:16:55 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


+------------------------------------------------------------------------+
| EnGarde Secure Linux Security Advisory                   June 07, 2002 |
| http://www.engardelinux.org/                          ESA-20020607-013 |
|                                                                        |
| Package:  imap                                                         |
| Summary:  Remote buffer overflow in imap daemon.                       |
+------------------------------------------------------------------------+

  EnGarde Secure Linux is a secure distribution of Linux that features
  improved access control, host and network intrusion detection, Web
  based secure remote management, complete e-commerce using AllCommerce,
  and integrated open source security tools.

OVERVIEW
- --------
  There is a buffer overflow vulnerability in imap which can allow a
  remote, authenticated user to execute commands as the user under which
  imapd is running.

DETAIL
- ------
  Marcell Fodor discovered a buffer overflow condition in the imap
  daemon from the University of Washington.  An authenticated user could
  send a malformed request to trigger the overflow and execute commands
  as the users UID/GID.

  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
  assigned the name CAN-2002-0379 to this issue.

SOLUTION
- --------
  Users of the EnGarde Professional edition can use the Guardian Digital
  Secure Network to update their systems automatically.

  EnGarde Community users should upgrade to the most recent version
  as outlined in this advisory.  Updates may be obtained from:

    ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
    http://ftp.engardelinux.org/pub/engarde/stable/updates/

  Before upgrading the package, the machine must either:

    a) be booted into a "standard" kernel; or
    b) have LIDS disabled.

  To disable LIDS, execute the command:

    # /sbin/lidsadm -S -- -LIDS_GLOBAL

  To install the updated package, execute the command:

    # rpm -Uvh file

  You must now update the LIDS configuration by executing the command:

    # /usr/sbin/config_lids.pl

  To re-enable LIDS (if it was disabled), execute the command:

    # /sbin/lidsadm -S -- +LIDS_GLOBAL

  To verify the signatures of the updated packages, execute the command:

    # rpm -Kv file

UPDATED PACKAGES
- ----------------
  These updated packages are for EnGarde Secure Linux Community
  Edition.

  Source Packages:

    SRPMS/imap-2000c-1.0.23.src.rpm
      MD5 Sum: 0092526c93d8dbb0d52617f413f08116

  Binary Packages:

    i386/imap-2000c-1.0.23.i386.rpm
      MD5 Sum: abb2189c4168ef80dc7a1884af3bac05

    i386/imap-2000c-1.0.23.i686.rpm
      MD5 Sum: 3c6b50e75b8f09ebe5e97b71e94117d5

REFERENCES
- ----------
  Guardian Digital's public key:
    http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY

  Credit for the discovery of this bug goes to:
    Marcell Fodor <m.fodor () mail datanet hu>

  UW IMAP's Official Web Site:
    http://www.washington.edu/imap/

  Security Contact:    security () guardiandigital com
  EnGarde Advisories:  http://www.engardelinux.org/advisories.html

- --------------------------------------------------------------------------
$Id: ESA-20020607-013-imap,v 1.1 2002/06/07 14:00:00 rwm Exp $
- --------------------------------------------------------------------------
Author: Ryan W. Maple, <ryan () guardiandigital com> 
Copyright 2002, Guardian Digital, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9AMBeHD5cqd57fu0RAoqeAKCdOB5+l/ji+sgGOd8q1GfqBQnScACcDhxX
SIh5AMut+Gal6dY3pnLGOiM=
=lD8d
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: