Bug 170521

| Field | Value |
|---|---|
| Summary | libc-client may allow execution of arbitrary code (CAN-2005-2933) |
| Product | [Fedora] Fedora |
| Component | libc-client |
| Version | 4 |
| Hardware | All |
| OS | Linux |
| Status | CLOSED DUPLICATE |
| Severity | medium |
| Priority | medium |
| Reporter | Michal Jaegermann <michal> |
| Assignee | Joe Orton <jorton> |
| CC | rdieter |
| Keywords | Security |
| Doc Type | Bug Fix |
| Last Closed | 2005-12-01 19:05:50 UTC |

Description
Michal Jaegermann
2005-10-12 15:38:23 UTC
Created attachment 119841
patch to check quoting boundaries in mail.c

I'm not sure that this has security implications for libc-client. The bug appears to be triggered by an attacker supplying a malformed mailbox name to the IMAP server.

> I'm not sure that this has security implications for libc-client.

Well, I am not sure either and that is why I wrote "may allow" in a subject.
OTOH a description says "C-client is a common API for accessing mailboxes".
This is used at least by 'php-imap' where various things can be built with
that, and a description claims 'pine', and who knows in what else way this
may be put, or was put, to use somewhere. We do deal here with a user
supplied data and a library whose uses you do not control.
I do not have an example of an attack but trying to analyse and _predict_
all possible attack paths here seems to be rather not a cost effective
exercise vis-a-vis a simple and "obviously correct" patch.
Not mentioning effects of this hole where imap-2002 may be directly
used in still supported distros if any (early RHEL?).

See http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:194

The only difference is that AFAICS imap.so from php-imap in FC is dynamically linked to libc-client.so so fixing that library, and restarting apache, should be enough. How this is for other distributions from Red Hat I do not know.
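
A check for the restart step mentioned in the last comment, as an added example that is not part of the original bug report: after the library package is updated, it lists processes that still have the replaced libc-client mapped and therefore still need a restart. The function names, PIDs, addresses and file paths in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example. Lists PIDs that still map a replaced copy of libc-client.
# When a package update replaces the library file, running processes keep
# the old inode mapped and the kernel appends " (deleted)" to its path in
# /proc/<pid>/maps; those processes run the old code until restarted.

# proc_root is a parameter so the check can be run on a constructed tree.
stale_libc_client_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue          # other users' processes, races
        if grep -Eq 'libc-client[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done | sort -n
}

# Constructed sample: three fake /proc entries (PIDs and paths are made up).
make_sample_proc() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/101" "$root/202" "$root/303"
    # 101: web server started before the update, old library still mapped
    cat > "$root/101/maps" <<'EOF'
00a10000-00a2c000 r-xp 00000000 03:02 91 /usr/lib/php4/imap.so
00b00000-00bf0000 r-xp 00000000 03:02 77 /usr/lib/libc-client.so.0 (deleted)
EOF
    # 202: started after the update, maps the current file
    cat > "$root/202/maps" <<'EOF'
00b00000-00bf0000 r-xp 00000000 03:02 78 /usr/lib/libc-client.so.0
EOF
    # 303: unrelated process with some other deleted file mapped
    cat > "$root/303/maps" <<'EOF'
00c00000-00c10000 rw-s 00000000 00:09 12 /tmp/scratch (deleted)
EOF
    echo "$root"
}

# Default run: scan the live system (root is needed to see every process).
stale_libc_client_pids "${1:-/proc}"
```

An empty result after restarting the web server means no running process is still using the old library image.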