Bugzilla – Bug 65795
VUL-0: CVE-2005-0546: cyrus-imapd: bugfix release
Last modified: 2021-10-27 15:57:50 UTC
... and here it is.

From: Derrick J Brashear <shadow@andrew.cmu.edu>
Subject: Cyrus IMAPd 2.2.11 Released
To: info-cyrus@andrew.cmu.edu, post+comp.mail.imap@andrew.cmu.edu
Date: Mon, 14 Feb 2005 02:14:44 -0500 (EST)
X-SpamAssassin-Clean: 0 (none)
X-Spam-Clean: 7% (__CT 0, __CT_TEXT_PLAIN 0, __HAS_MSGID 0, __MIME_VERSION 0, __SANE_MSGID 0)
X-Spam-Status: No, hits=-1.5 tagged_above=-20.0 required=5.0 tests=BAYES_01
X-Spam-Level:

I'm pleased to announce the release of Cyrus IMAPd 2.2.11. This release implements several bugfixes, including one byte buffer overruns in the imap annotate extension and in cached header handling which can be run by any authenticated user, and bounds checking in fetchnews which could be exploited by a peer news admin. It contains no new features.

A full list of changes is available in doc/changes.html in the distribution.

Download the release at:
ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz
or
http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz

Thanks to Sean Larsson for the reports on the buffer overflows.

Derrick Brashear
---
Btw.: This bug also applies to ALL older maintained releases of SuSE.*Linux
SM-Tracker-382
Created attachment 28462 patchinfo.cyrus-imapd
Created attachment 28463 patchinfo-box.cyrus-imapd
Please proof-read the patchinfo files before you submit them. Thanks.
Hello folks,

We recently received a report that Sean Larsson (infamous42md@hotpop.com) has discovered several potential vulnerabilities in the Cyrus IMAP server. Sean's advisory can be found at the following location:

<http://www.infsec.net/cyrus_advisory.txt.gz>

We are currently tracking these issues as follows:

VU#209713 - Cyrus imapd contains buffer overflow in fetchnews component
VU#822113 - Cyrus imapd contains buffer overflow in cmd_xfer()
VU#246593 - Cyrus imapd contains buffer overflow in backend_connect()
VU#674801 - Cyrus imapd contains buffer overflow in mailbox_cached_header()

The Cyrus Project has also recently announced updated versions of the software containing patches for these issues:

http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=33724
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=33733

Since these issues are already publicly known and patches are available, we encourage you to incorporate fixes appropriately. We currently do not have any schedule for publication of vulnerability notes, but please feel free to send us updates, statements, or advisories as you develop them and we will incorporate them into the future notes.

If you have any questions or concerns, please don't hesitate to contact us.

Best Regards,
Chad

--
Chad Dougherty
Internet Security Analyst
__________________________________________________________
CERT(R) Coordination Center | cert@cert.org
Choeger, are you already working on updates?
Yes. QA (Heiko) is already testing...
ok :)
updates and advisory released
dfn-cert spotted a CAN we fixed with this update (annotate_obo.patch):

CAN-2004-1067 - Off-by-one error in mysasl_canon_user()
An off-by-one error in the function mysasl_canon_user() can be exploited to trigger a buffer overflow. Attackers can exploit this vulnerability over the network to execute arbitrary code with the privileges of the IMAP server by supplying a suitably crafted username during SASL authentication.

This was already known in December.
Did this update fix all three issues mentioned here?
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0546
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=33723
Need to confirm the CAN number.
Carsten, do the patches you applied fully fix CAN-2005-0546?
yes
ok, thanks
CVE-2005-0546: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)