U radu programskog paketa cyrus-imapd uočen je sigurnosni propust. Moguće ga je iskoristiti za udaljeno pokretanje proizvoljnog programskog koda.
| Paket: | cyrus-imapd 2.x |
| Operacijski sustavi: | Fedora 14, Fedora 15 |
| Kritičnost: | 6.5 |
| Problem: | pogreška u programskoj funkciji, preljev međuspremnika |
| Iskorištavanje: | udaljeno |
| Posljedica: | proizvoljno izvršavanje programskog koda |
| Rješenje: | programska zakrpa proizvođača |
| CVE: | CVE-2011-3208 |
| Izvorni ID preporuke: | FEDORA-2011-13869 |
| Izvor: | Fedora |
| Problem: | |
| Propust se očituje u prepisivanju spremnika na stogu u funkciji "split_wildmats" (nntpd.c). |
|
| Posljedica: | |
| Napadaču omogućuje pokretanje proizvoljnog programskog koda pomoću posebno oblikovane NNTP naredbe. |
|
| Rješenje: | |
| Svim se korisnicima preporuča instalacija odgovarajućih zakrpa. |
|
Izvorni tekst preporuke
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-13869
2011-10-05 23:31:01
--------------------------------------------------------------------------------
Name : cyrus-imapd
Product : Fedora 14
Version : 2.3.18
Release : 1.fc14
URL : http://www.cyrusimap.org/
Summary : A high-performance mail server with IMAP, POP3, NNTP and SIEVE
support
Description :
The cyrus-imapd package contains the core of the Cyrus IMAP server.
It is a scaleable enterprise mail system designed for use from
small to large enterprise environments using standards-based
internet mail technologies.
A full Cyrus IMAP implementation allows a seamless mail and bulletin
board environment to be set up across multiple servers. It differs from
other IMAP server implementations in that it is run on "sealed"
servers, where users are not normally permitted to log in and have no
system account on the server. The mailbox database is stored in parts
of the file system that are private to the Cyrus IMAP server. All user
access to mail is through software using the IMAP, POP3 or KPOP
protocols. It also includes support for virtual domains, NNTP,
mailbox annotations, and much more. The private mailbox database design
gives the server large advantages in efficiency, scalability and
administratability. Multiple concurrent read/write connections to the
same mailbox are permitted. The server supports access control lists on
mailboxes and storage quotas on mailbox hierarchies.
The Cyrus IMAP server supports the IMAP4rev1 protocol described
in RFC 3501. IMAP4rev1 has been approved as a proposed standard.
It supports any authentication mechanism available from the SASL
library, imaps/pop3s/nntps (IMAP/POP3/NNTP encrypted using SSL and
TLSv1) can be used for security. The server supports single instance
store where possible when an email message is addressed to multiple
recipients, SIEVE provides server side email filtering.
--------------------------------------------------------------------------------
Update Information:
- cyrus-imapd updated to 2.3.18
- fixes incomplete authentication checks in nntpd (Secunia SA46093)
- fix CVE-2011-3208: a remotely exploitable buffer overflow in nntpd
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 5 2011 Michal Hlavinka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.3.18-1
- cyrus-imapd updated to 2.3.18
- fixes incomplete authentication checks in nntpd (Secunia SA46093)
* Mon Sep 19 2011 Michal Hlavinka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.3.17-1
- updated to 2.3.17
* Tue May 17 2011 Michal Hlavinka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.3.16-8
- fix CVE-2011-1926: STARTTLS plaintext command injection vulnerability
* Fri Jan 21 2011 Michal Hlavinka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.3.16-7
- don't force sync io for all filesystems
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update cyrus-imapd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-13860
2011-10-05 23:30:40
--------------------------------------------------------------------------------
Name : cyrus-imapd
Product : Fedora 15
Version : 2.4.12
Release : 1.fc15
URL : http://www.cyrusimap.org/
Summary : A high-performance mail server with IMAP, POP3, NNTP and SIEVE
support
Description :
The cyrus-imapd package contains the core of the Cyrus IMAP server.
It is a scaleable enterprise mail system designed for use from
small to large enterprise environments using standards-based
internet mail technologies.
A full Cyrus IMAP implementation allows a seamless mail and bulletin
board environment to be set up across multiple servers. It differs from
other IMAP server implementations in that it is run on "sealed"
servers, where users are not normally permitted to log in and have no
system account on the server. The mailbox database is stored in parts
of the file system that are private to the Cyrus IMAP server. All user
access to mail is through software using the IMAP, POP3 or KPOP
protocols. It also includes support for virtual domains, NNTP,
mailbox annotations, and much more. The private mailbox database design
gives the server large advantages in efficiency, scalability and
administratability. Multiple concurrent read/write connections to the
same mailbox are permitted. The server supports access control lists on
mailboxes and storage quotas on mailbox hierarchies.
The Cyrus IMAP server supports the IMAP4rev1 protocol described
in RFC 3501. IMAP4rev1 has been approved as a proposed standard.
It supports any authentication mechanism available from the SASL
library, imaps/pop3s/nntps (IMAP/POP3/NNTP encrypted using SSL and
TLSv1) can be used for security. The server supports single instance
store where possible when an email message is addressed to multiple
recipients, SIEVE provides server side email filtering.
--------------------------------------------------------------------------------
Update Information:
- security fix:
* fixes incomplete authentication checks in nntpd (Secunia SA46093)
- other fixed bugs:
* delayed delete can fail because of invalid names
* cyradm cannot wildcard delete ACLs from a mailbox
* Wrong ENABLE result (doubled names)
* mbpath output changed from 2.3 to 2.4 for remote mailboxes
* xfer fails on unlimited quota (-1)
CVE-2011-3208 cyrus-imapd: nntpd buffer overflow in split_wildmats()
Bugs Fixed:
3495 P1 enhancement 2.4.10 Cyrus IMAP Improved duplicate suppression
3498 P1 bug 2.4.10 Cyrus IMAP quota command deletes users quota files
2772 P2 bug 2.4.x (next) Cyrus IMAP cmd_thread cores with bogus ids in
references header
3300 P3 bug 2.4.2 Cyrus IMAP SOL_TCP is not defined on NetBSD
3439 P3 bug 2.3.16 Cyrus IMAP formatting issue on logging (or memory corruption
?)
3454 P3 bug 2.4.8 Cyrus IMAP ID with unquoted id_param_list keys not accepted
3463 P3 bug 2.4.x (next) Cyrus IMAP Certain mails will crash imapd if using
server side threading
3489 P3 bug 2.4.10 Cyrus IMAP 2.4.10 and quota problem
3491 P3 enhancement 2.4.10 Cyrus IMAP UNAUTHENTICATE and NOOP in timsieved
3492 P3 bug 2.4.10 Cyrus IMAP Add response codes to timsieved
3497 P3 bug 2.4.10 Cyrus IMAP In master/master.c:add_service the variable "cmd"
is set to NULL before syslogging
3503 P3 bug 2.4.10 Cyrus IMAP DragonFly BSD also require PIC objects for perl
3505 P3 bug 2.4.x (next) Cyrus IMAP sync_reset is broken
3506 P3 bug 2.4.x (next) Cyrus IMAP dlist.c uses synchronizing IMAP LITERALS
without backchannel.
3507 P3 bug 2.4.x (next) Cyrus IMAP Replication reconciliation fails in
default/immediate expunge mode
3526 P3 bug 2.4.10 Cyrus IMAP AFS ptloader reinitialization uses local cell
instead of afspts_mycell config option
3532 P3 enhancement 2.5.x (next) Cyrus IMAP Fix file descriptor cleanup
3279 P5 bug 2.4.2 Cyrus IMAP sync_client crashes with empty mech_list before TLS
starts
3451 P5 enhancement 2.4.8 Cyrus IMAP config2header assume CC has no spaces
- rebuild to match db library update
- do not conflict with db4-utils
- rebuild to match db library update
CVE-2011-3208 cyrus-imapd: nntpd buffer overflow in split_wildmats()
Bugs Fixed:
3495 P1 enhancement 2.4.10 Cyrus IMAP Improved duplicate suppression
3498 P1 bug 2.4.10 Cyrus IMAP quota command deletes users quota files
2772 P2 bug 2.4.x (next) Cyrus IMAP cmd_thread cores with bogus ids in
references header
3300 P3 bug 2.4.2 Cyrus IMAP SOL_TCP is not defined on NetBSD
3439 P3 bug 2.3.16 Cyrus IMAP formatting issue on logging (or memory corruption
?)
3454 P3 bug 2.4.8 Cyrus IMAP ID with unquoted id_param_list keys not accepted
3463 P3 bug 2.4.x (next) Cyrus IMAP Certain mails will crash imapd if using
server side threading
3489 P3 bug 2.4.10 Cyrus IMAP 2.4.10 and quota problem
3491 P3 enhancement 2.4.10 Cyrus IMAP UNAUTHENTICATE and NOOP in timsieved
3492 P3 bug 2.4.10 Cyrus IMAP Add response codes to timsieved
3497 P3 bug 2.4.10 Cyrus IMAP In master/master.c:add_service the variable "cmd"
is set to NULL before syslogging
3503 P3 bug 2.4.10 Cyrus IMAP DragonFly BSD also require PIC objects for perl
3505 P3 bug 2.4.x (next) Cyrus IMAP sync_reset is broken
3506 P3 bug 2.4.x (next) Cyrus IMAP dlist.c uses synchronizing IMAP LITERALS
without backchannel.
3507 P3 bug 2.4.x (next) Cyrus IMAP Replication reconciliation fails in
default/immediate expunge mode
3526 P3 bug 2.4.10 Cyrus IMAP AFS ptloader reinitialization uses local cell
instead of afspts_mycell config option
3532 P3 enhancement 2.5.x (next) Cyrus IMAP Fix file descriptor cleanup
3279 P5 bug 2.4.2 Cyrus IMAP sync_client crashes with empty mech_list before TLS
starts
3451 P5 enhancement 2.4.8 Cyrus IMAP config2header assume CC has no spaces
- rebuild to match db library update
- do not conflict with db4-utils
- rebuild to match db library update
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 5 2011 Michal Hlavinka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.4.12-1
- cyrus-imapd updated to 2.4.12
- fixes incomplete authentication checks in nntpd (Secunia SA46093)
* Fri Sep 9 2011 Jeroen van Meeuwen <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.4.11-1
- Updated to 2.4.11
- Fix CVE-2011-3208 (#734926, #736838)
* Thu Aug 25 2011 Michal Hlavinka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.4.10-3
- do not conflict with db4-utils
* Mon Aug 15 2011 Michal Hlavinka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.4.10-2
- rebuild with db5
* Thu Jul 7 2011 Michal Hlavinka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.4.10-1
- updated to 2.4.10
* Mon May 9 2011 Michal Hlavinka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.4.8-1
- fixed: systemd commands in %post (thanks Bill Nottingham)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #736838 - CVE-2011-3208 cyrus-imapd: nntpd buffer overflow in
split_wildmats() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=736838
[ 2 ] Bug #729767 - imaps[9563]: unable to open Berkeley db /etc/sasldb2:
Invalid argument after fixing sendmail from bug 712943
https://bugzilla.redhat.com/show_bug.cgi?id=729767
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update cyrus-imapd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke