[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] imapd buffer overflow

To: linux-security
Subject: [linux-security] imapd buffer overflow
From: Martin Siegert <siegert@sfu.ca>
Date: Mon, 27 May 2002 19:17:21 -0700
User-Agent: Mutt/1.2.5.1i

Topic
=====
buffer overflow in imap daemon allows unpermitted code execution

Problem Description
===================
UW imapd is an IMAP daemon from the University of Washington.  Version
2000c and previous versions have a bug that allows a malicious user to
construct a malformed request which overflows an internal buffer, enabling
that user to execute commands on the server with the user's UID/GID.

To exploit this problem the user has to have successfully authenticated to
the imapd service.  Therefore, this vulnerability mainly affects free email
providers or mail servers where the user has no shell access to the system.
On other systems, in which the user already has shell access, users can
already run commands under their own UIDs/GIDs.

Affected Systems
================
Systems that run the imap daemon (usually mail servers) versions 2000c
and earlier and do not allow shell access for users.
(RedHat 7.3 is not affected)

Solution
========
Ugrade to imap-2001a (or patched version for your distribution)

RedHat 6.x
----------
rpm -Fvh imap-2001a-1.62.0.i386.rpm imap-devel-2001a-1.62.0.i386.rpm

RedHat 7.0
----------
rpm -Fvh imap-2001a-1.70.0.i386.rpm imap-devel-2001a-1.70.0.i386.rpm

RedHat 7.1
----------
rpm -Fvh imap-2001a-1.71.0.i386.rpm imap-devel-2001a-1.71.0.i386.rpm

RedHat 7.2
----------
rpm -Fvh imap-2001a-1.72.0.i386.rpm imap-devel-2001a-1.72.0.i386.rpm

Caldera OpenLinux 3.1 and 3.1.1 Server and Workstation
------------------------------------------------------
rpm -Fvh imap-2000-14.i386.rpm imap-devel-2000-14.i386.rpm

Mandrake 7.1
------------
rpm -Fvh imap-2000c-4.9mdk.i586.rpm imap-devel-2000c-4.9mdk.i586.rpm

Mandrake 7.2
------------
rpm -Fvh imap-2000c-4.8mdk.i586.rpm imap-devel-2000c-4.8mdk.i586.rpm

Mandrake 8.0
------------
rpm -Fvh imap-2000c-4.7mdk.i586.rpm imap-devel-2000c-4.7mdk.i586.rpm

Mandrake 8.1
------------
rpm -Fvh imap-2000c-7.1mdk.i586.rpm imap-devel-2000c-7.1mdk.i586.rpm

Mandrake 8.2
------------
rpm -Fvh imap-2001a-5.1mdk.i586.rpm imap-devel-2001a-5.1mdk.i586.rpm

Prev by Date: [linux-security] sudo local root exploit
Next by Date: [linux-security] remotely-exploitable vulnerability in fetchmail
Prev by thread: [linux-security] remotely-exploitable vulnerability in fetchmail
Next by thread: [linux-security] sudo local root exploit
Index(es):
- Date
- Thread