U radu programskog paketa cyrus-imapd uočen je nedostatak kojeg zlonamjeran napadač može iskoristiti za DoS napad (eng. Denial of Service).
Paket:
cyrus-imapd 2.x
Operacijski sustavi:
Mandriva Linux 2010.1, Mandriva Linux 2011, Mandriva Linux Enterprise Server 5.0
Kritičnost:
3.7
Problem:
pogreška u programskoj funkciji
Iskorištavanje:
udaljeno
Posljedica:
uskraćivanje usluga (DoS)
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2011-3481
Izvorni ID preporuke:
MDVSA-2012:037
Izvor:
Mandriva
Problem:
Uočena je greška u programskoj funkciji "index_get_ids" u datoteci "index.c".
Posljedica:
Navedeni propust udaljeni napadač može iskoristiti za napad uskraćivanjem usluga (DoS napad) pomoću zlonamjerno oblikovanog References zaglavlja u poruci elektroničke pošte.
Rješenje:
Svim korisnicima se preporuča nadogradnja ranjivog programskog paketa.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:037
http://www.mandriva.com/security/
_______________________________________________________________________
Package : cyrus-imapd
Date : March 23, 2012
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in cyrus-imapd:
The index_get_ids function in index.c in imapd in Cyrus IMAP Server
before 2.4.11, when server-side threading is enabled, allows remote
attackers to cause a denial of service (NULL pointer dereference and
daemon crash) via a crafted References header in an e-mail message
(CVE-2011-3481).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3481
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
ff7b707f8503a52f3467c76cdc106ba0
2010.1/i586/cyrus-imapd-2.3.15-10.4mdv2010.2.i586.rpm
daefe2c80fc7145df902c43dbf5ad50d
2010.1/i586/cyrus-imapd-devel-2.3.15-10.4mdv2010.2.i586.rpm
e41ea7bf9c749026d4cd6516f6feeaf5
2010.1/i586/cyrus-imapd-murder-2.3.15-10.4mdv2010.2.i586.rpm
fb6e2825a8824598ee5ae2aadd7fa12a
2010.1/i586/cyrus-imapd-nntp-2.3.15-10.4mdv2010.2.i586.rpm
ebd016a661dfa7bdc042fc9140f61dd9
2010.1/i586/cyrus-imapd-utils-2.3.15-10.4mdv2010.2.i586.rpm
7888ab862ca17b0c55ad3fc52da1d858
2010.1/i586/perl-Cyrus-2.3.15-10.4mdv2010.2.i586.rpm
1b4c9cf68d17d2cab8dcab01255a1ac2
2010.1/SRPMS/cyrus-imapd-2.3.15-10.4mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
839604c4fe14a2ed84a32e810592119d
2010.1/x86_64/cyrus-imapd-2.3.15-10.4mdv2010.2.x86_64.rpm
b3596d7e78caf7b1005948a462e70785
2010.1/x86_64/cyrus-imapd-devel-2.3.15-10.4mdv2010.2.x86_64.rpm
ae18e2b89957dd50dbb6d284df8fa96e
2010.1/x86_64/cyrus-imapd-murder-2.3.15-10.4mdv2010.2.x86_64.rpm
049293e08b36cb86adb51b7f4eabae7f
2010.1/x86_64/cyrus-imapd-nntp-2.3.15-10.4mdv2010.2.x86_64.rpm
6670e23271557683218681c812dc3b52
2010.1/x86_64/cyrus-imapd-utils-2.3.15-10.4mdv2010.2.x86_64.rpm
ed418a8cd77a041e1a060f97715fd489
2010.1/x86_64/perl-Cyrus-2.3.15-10.4mdv2010.2.x86_64.rpm
1b4c9cf68d17d2cab8dcab01255a1ac2
2010.1/SRPMS/cyrus-imapd-2.3.15-10.4mdv2010.2.src.rpm
Mandriva Linux 2011:
671d5fab777fe892fdb17f746c0911af
2011/i586/cyrus-imapd-2.3.16-7.2-mdv2011.0.i586.rpm
684c26b361c8cfa2ea2f2904a4eb1c9a
2011/i586/cyrus-imapd-devel-2.3.16-7.2-mdv2011.0.i586.rpm
fbcce805ef0ff3450191f42a2c03239d
2011/i586/cyrus-imapd-murder-2.3.16-7.2-mdv2011.0.i586.rpm
7bd6dddf40fee59fa1e205a1381cb55c
2011/i586/cyrus-imapd-nntp-2.3.16-7.2-mdv2011.0.i586.rpm
2e30c67b93cd77e0b93375d52c6ba3fd
2011/i586/cyrus-imapd-utils-2.3.16-7.2-mdv2011.0.i586.rpm
3b419c6a279bcd7014785ac08190a7a3
2011/i586/perl-Cyrus-2.3.16-7.2-mdv2011.0.i586.rpm
ae4016358f3fb65f8848e7dfacfe51b8 2011/SRPMS/cyrus-imapd-2.3.16-7.2.src.rpm
Mandriva Linux 2011/X86_64:
c2d51a8608ec4b4e60dbf519efeb27a4
2011/x86_64/cyrus-imapd-2.3.16-7.2-mdv2011.0.x86_64.rpm
987ba5349ff108ecdd9196fc04a129b6
2011/x86_64/cyrus-imapd-devel-2.3.16-7.2-mdv2011.0.x86_64.rpm
7280d308aeacd0c4a42cfb8fa81d98ef
2011/x86_64/cyrus-imapd-murder-2.3.16-7.2-mdv2011.0.x86_64.rpm
d87a595ef6b0c8ac1e33b95bc80a4b26
2011/x86_64/cyrus-imapd-nntp-2.3.16-7.2-mdv2011.0.x86_64.rpm
78103c0c3e65bec8b0e74cb0646da2de
2011/x86_64/cyrus-imapd-utils-2.3.16-7.2-mdv2011.0.x86_64.rpm
708d80352c941535db1543235212587f
2011/x86_64/perl-Cyrus-2.3.16-7.2-mdv2011.0.x86_64.rpm
ae4016358f3fb65f8848e7dfacfe51b8 2011/SRPMS/cyrus-imapd-2.3.16-7.2.src.rpm
Mandriva Enterprise Server 5:
c3a25d81605b459b404904d8796d9371
mes5/i586/cyrus-imapd-2.3.12-0.p2.4.4mdvmes5.2.i586.rpm
8041c5f3799dce70901249eb1785d4a3
mes5/i586/cyrus-imapd-devel-2.3.12-0.p2.4.4mdvmes5.2.i586.rpm
c6b4f04e130aac5fabc2fa292634bb17
mes5/i586/cyrus-imapd-murder-2.3.12-0.p2.4.4mdvmes5.2.i586.rpm
adc9eead0e01c35a3e7d6f8b229ed3e8
mes5/i586/cyrus-imapd-nntp-2.3.12-0.p2.4.4mdvmes5.2.i586.rpm
f308073537087528015e1055733681c9
mes5/i586/cyrus-imapd-utils-2.3.12-0.p2.4.4mdvmes5.2.i586.rpm
db3487fafeba5b0b2382ccc02634965c
mes5/i586/perl-Cyrus-2.3.12-0.p2.4.4mdvmes5.2.i586.rpm
ad67978598b453b082cd41fc0ee523dc
mes5/SRPMS/cyrus-imapd-2.3.12-0.p2.4.4mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
19410e71050d4c838089ec0a2e903812
mes5/x86_64/cyrus-imapd-2.3.12-0.p2.4.4mdvmes5.2.x86_64.rpm
4cb70d841875aaf93a190b5fa9880467
mes5/x86_64/cyrus-imapd-devel-2.3.12-0.p2.4.4mdvmes5.2.x86_64.rpm
ddd5ca10ccf664eb339eb82d33c92359
mes5/x86_64/cyrus-imapd-murder-2.3.12-0.p2.4.4mdvmes5.2.x86_64.rpm
72a0bf64084c54108b9195d296e75908
mes5/x86_64/cyrus-imapd-nntp-2.3.12-0.p2.4.4mdvmes5.2.x86_64.rpm
f2e109e2aafcdf58e5eb8d60ed9e965f
mes5/x86_64/cyrus-imapd-utils-2.3.12-0.p2.4.4mdvmes5.2.x86_64.rpm
137056e0d077cfb799a70d1249d0a45f
mes5/x86_64/perl-Cyrus-2.3.12-0.p2.4.4mdvmes5.2.x86_64.rpm
ad67978598b453b082cd41fc0ee523dc
mes5/SRPMS/cyrus-imapd-2.3.12-0.p2.4.4mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFPbGb1mqjQ0CJFipgRAh1/AKC2qlbRESOUD1PBqzrPi+55cMssxgCbB8Tu
pozYe8cYq/oqsWnM8dlDo9M=
=Mhy0
-----END PGP SIGNATURE-----
Posljednje sigurnosne preporuke