Debian: cyrus-imapd buffer overflow vulnerability


- --------------------------------------------------------------------------
Debian Security Advisory DSA 215-1                     security@debian.org 
Debian -- Security Information                              Martin Schulze
December 23th, 2002                      Debian -- Debian security FAQ 
- --------------------------------------------------------------------------

Package        : cyrus-imapd
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE Id         : CAN-2002-0379
CERT Advisory  : VU#740169
BugTraq Id     : 6298

Timo Sirainen discovered a buffer overflow in the Cyrus IMAP server,
which could be exploited by a remote attacker prior to logging in.  A
malicious user could craft a request to run commands on the server under
the UID and GID of the cyrus server.

For the current stable distribution (woody) this problem has been
fixed in version 1.5.19-9.1.

For the old stable distribution (potato) this problem has been fixed
in version 1.5.19-2.2.

For the current unstable distribution (sid) this problem has been
fixed in version 1.5.19-9.10.  The cyrus21-imapd packages are not
vulnerable

We recommend that you upgrade your cyrus-imapd package.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Source archives:

      
      Size/MD5 checksum:      681 7ed2dc53009118f622c466c7490910eb
      
      Size/MD5 checksum:    15807 75de24bbbf6906b2dcbc58ff94480faa
      
      Size/MD5 checksum:   526190 b789ea3868be439c27b24a8aa6d0b99f

  Alpha architecture:

      
      Size/MD5 checksum:    42610 042e48cefd32648ad22780b2dd75d3e4
      
      Size/MD5 checksum:   570800 37eba3e8c00ceee87637527fda215e90
      
      Size/MD5 checksum:    83332 2d5105eebbace38839fe45897898560d
      
      Size/MD5 checksum:   165502 58d468b7568031ef6ebfb6d162a87ea2
      
      Size/MD5 checksum:   165366 a99934002ff65416f62949b48e161c2d
      
      Size/MD5 checksum:    78606 5616b0c2232bf237cd62aa79c60a74f6

  ARM architecture:

      
      Size/MD5 checksum:    38378 68c99d95c4bc94244aa11531643e752a
      
      Size/MD5 checksum:   427770 29731f1cd6ee7a1bc18fd43d21a30d99
      
      Size/MD5 checksum:    77060 c3ef8e84ea192e1792811c889b7e64f6
      
      Size/MD5 checksum:   130436 f4424382f2945d196ce68d9dfe51ce04
      
      Size/MD5 checksum:   126334 290490d751199efae7feb518fe5e209a
      
      Size/MD5 checksum:    59246 55abe9bb680c1bf75a1d8ccda8d5c0ef

  Intel IA-32 architecture:

      
      Size/MD5 checksum:    37840 c86d3b23d50017c4caefebaffaa52c88
      
      Size/MD5 checksum:   409216 e03b8b803fdd52b16f0da981a32d7cbd
      
      Size/MD5 checksum:    72742 7b41f08a21aab4683c60e0ff0c87f4ad
      
      Size/MD5 checksum:   121794 a1afc55e62e68546e1f746bebf215010
      
      Size/MD5 checksum:   119050 1b7a6e684ffbf78d244ae1503aa06743
      
      Size/MD5 checksum:    55434 2e532f7b098b8009f8d4ea809bac8e6a

  Motorola 680x0 architecture:

      
      Size/MD5 checksum:    36688 0ec453438aeaeb79447e14dff4128b10
      
      Size/MD5 checksum:   381676 d9475e923d51d51b447cf5e08e0154a9
      
      Size/MD5 checksum:    71470 e51411412275e67040a780d8b14ac193
      
      Size/MD5 checksum:   111510 abf765dfa9f400f381d3302e23f2f0d8
      
      Size/MD5 checksum:   111542 5a9b7eacc475e4f19013d8a7ee5ef1a5
      
      Size/MD5 checksum:    52076 ebcd507e26ea1cf0294232f934c665ae

  PowerPC architecture:

      
      Size/MD5 checksum:    38778 853c9e576750c397455c1606253a47bd
      
      Size/MD5 checksum:   450088 49c3ed1a6e3dde88d682bb42b478830d
      
      Size/MD5 checksum:    77918 9bb9fdc6d905aa1af5273da6a43ae653
      
      Size/MD5 checksum:   132520 65ba9534cae7b0d23d2c3da115f8cf88
      
      Size/MD5 checksum:   132128 ca7f5069d2c2c4815677091caddbaad9
      
      Size/MD5 checksum:    61916 599a2f419306f34f7f954953431c9a5c

  Sun Sparc architecture:

      
      Size/MD5 checksum:    41222 574250cad0e3247980cdc9ede379e166
      
      Size/MD5 checksum:   446538 69beb1f33611a47889ddfba499ae1ac4
      
      Size/MD5 checksum:    76118 f16a315115d556d8088ac37ededd5b63
      
      Size/MD5 checksum:   133154 32aa7a5ed5bf3ae261c79c84bf6107b6
      
      Size/MD5 checksum:   129760 b42b8ca439832adef3417198104e3a45
      
      Size/MD5 checksum:    61624 53381aaf7b9ca1956e03f0adaa294b66


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

      
      Size/MD5 checksum:      703 03fa333659ba86e1f6a5654c73c0419c
      
      Size/MD5 checksum:    32580 a3ed203eff5095754b1918a44c72a77f
      
      Size/MD5 checksum:   526190 b789ea3868be439c27b24a8aa6d0b99f

  Alpha architecture:

      
      Size/MD5 checksum:    43490 f4db5feda15c26bee8b46767c73ceafb
      
      Size/MD5 checksum:   566970 ab7ff32970435317b65a51c67e60e128
      
      Size/MD5 checksum:    86188 b5370e5edfb7221c0633331b2efb90ec
      
      Size/MD5 checksum:   164276 7b872501ab0ad28b17a68f6a0599b725
      
      Size/MD5 checksum:   162140 2402db60ecb922c719bb0ca80ca35097
      
      Size/MD5 checksum:    77552 dbafea98c34554a93e3e646caf3df8ed

  ARM architecture:

      
      Size/MD5 checksum:    39852 11c0f89746e288beae58cc62ca6b97c0
      
      Size/MD5 checksum:   437806 6b701e92f2abc07af14b4b9085646809
      
      Size/MD5 checksum:    80344 442a643b75fb202d6a0bb9e571487846
      
      Size/MD5 checksum:   134270 bd8c9b068c55bdb127ee2e359b7e3f53
      
      Size/MD5 checksum:   126702 1187b29da93ea4862c789d852fbf5a5c
      
      Size/MD5 checksum:    59750 3a3caa512cbf65eac17e50faf9e80593

  Intel IA-32 architecture:

      
      Size/MD5 checksum:    38924 bfaab8f6db81dd162081f4c236a4d960
      
      Size/MD5 checksum:   416850 42ab62c6c0dcd027f4b6b21b460d1260
      
      Size/MD5 checksum:    75634 c151f3ea81e738188cead441a2110c13
      
      Size/MD5 checksum:   123420 962e0e7cc9109f34c1768188e16cc72f
      
      Size/MD5 checksum:   119822 3161e49d86884f326438d01b1b099bf0
      
      Size/MD5 checksum:    56208 bfdc5c727911f19a43ee75d6de4d0d41

  Intel IA-64 architecture:

      
      Size/MD5 checksum:    48776 4c64370ec2849b6c95ebc44de4cfc291
      
      Size/MD5 checksum:   656724 cddf516677920ad5606e87d2609e8521
      
      Size/MD5 checksum:    93280 ac7d194234d19aa602de3900117e6620
      
      Size/MD5 checksum:   198040 a399fe746566a9a80a57a0596258f0b2
      
      Size/MD5 checksum:   192390 e412c82b348b7a784bbac9d7ea1c6f3a
      
      Size/MD5 checksum:    90216 4ac43c84ed9b9a5fe7e287bf7127e536

  HP Precision architecture:

      
      Size/MD5 checksum:    42166 886143111f6cce37876e12ffabddcfc8
      
      Size/MD5 checksum:   484634 dc48dd627b15e2fcb704a68e7c9a38c8
      
      Size/MD5 checksum:    83920 dcabdba1473ed8599b4f4acac5e7f7bd
      
      Size/MD5 checksum:   145566 d43d7edadce853267d7aa5856760b912
      
      Size/MD5 checksum:   141960 3a5ba8eae1f255d90354271c0e6462f3
      
      Size/MD5 checksum:    65818 8d1969626dc7f19b63aebb99ca37fd81

  Motorola 680x0 architecture:

      
      Size/MD5 checksum:    37904 c1881ce09f8855371ccbbe3e24af7ff5
      
      Size/MD5 checksum:   387510 b3372c02bc627e71f3c58942676e6c73
      
      Size/MD5 checksum:    74290 7d05c013116eef0a9bb67964879e08da
      
      Size/MD5 checksum:   113354 86d9e65b7d2d719a42bf3016a2758d4d
      
      Size/MD5 checksum:   112042 a56badde3ffa2dab1152575be2b043b1
      
      Size/MD5 checksum:    52274 794a80d582276a4a5c67c05d98dca50e

  Big endian MIPS architecture:

      
      Size/MD5 checksum:    41522 00a7aed0c34fff8c88fc91efd1d9f1a0
      
      Size/MD5 checksum:   481446 772899fac06ed55e62e36ab711e0201e
      
      Size/MD5 checksum:    83226 20aed297c07c8eec8f4b0ae3891c81d7
      
      Size/MD5 checksum:   141616 494b49f1866e2b4849b41d25359178c4
      
      Size/MD5 checksum:   140252 0db3dcac7dd3762c858234bf5b40bf2a
      
      Size/MD5 checksum:    65700 3852d4c333200d476240e7c63626e2f0

  Little endian MIPS architecture:

      
      Size/MD5 checksum:    41650 43b8fe90f0a1b3b0bc7479a6a773725f
      
      Size/MD5 checksum:   486124 79be4f0ea1ca2bafc7a4cb1a01c099cb
      
      Size/MD5 checksum:    83324 52f8b0e955dd2c67fb984330517a1a0d
      
      Size/MD5 checksum:   143844 b19880c3f1c0c5d1562162098fced833
      
      Size/MD5 checksum:   141796 371b7d6898e2ccb91bc165de28203169
      
      Size/MD5 checksum:    66146 1c03a95b5983c6ba4cb2a27ba7aeb5bf

  PowerPC architecture:

      
      Size/MD5 checksum:    40158 9dd472cdf3509dcc5e065482e6d77ffd
      
      Size/MD5 checksum:   457326 2b72dd98148c854f465500bc345c7eaf
      
      Size/MD5 checksum:    80854 49c45a1c59010673ba167bf0331fa0dc
      
      Size/MD5 checksum:   134930 36e0dfb12165ad289172d85a77bbf29f
      
      Size/MD5 checksum:   133402 d4db29ae6f4d6802e02bcdb66a61a0e2
      
      Size/MD5 checksum:    62370 f82988c569a94f368d8c5cc7df98f007

  IBM S/390 architecture:

      
      Size/MD5 checksum:    40578 a55de3a30940aa8af266d06fb709bbcf
      
      Size/MD5 checksum:   425896 897c5163ff6f81f613b542668508f624
      
      Size/MD5 checksum:    77720 fa632ff17ca7f2b7c03b2dc0bd822d40
      
      Size/MD5 checksum:   127438 af839029be317f76e569373215212d54
      
      Size/MD5 checksum:   122952 babf1fc12682d6c61316a335c5ae2530
      
      Size/MD5 checksum:    58376 80609b6a3f1bc1801a1635be6a054981

  Sun Sparc architecture:

      
      Size/MD5 checksum:    39810 95d1263c795e9fde2650106b620f1bad
      
      Size/MD5 checksum:   435842 83ecee19b8dc92aaa6fb881c27b80dde
      
      Size/MD5 checksum:    79284 93ed311588e9922541f263dba2eac56f
      
      Size/MD5 checksum:   130800 fedae0b42f33ea5e4a79bcd7b87e52cc
      
      Size/MD5 checksum:   126886 a61b3c09914174a523855c4571064ddb
      
      Size/MD5 checksum:    60116 7c15618cbcc041fbc774577e6baed0f6


  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb  Debian -- Security Information  stable/updates main
For dpkg-ftp:    dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/
Debian: cyrus-imapd buffer overflow vulnerability

Summary

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By
