Bug 149869 - CAN-2005-0546 multiple buffer overflows in cyrus-imapd
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: cyrus-imapd
Version: 4.0
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: John Dennis
QA Contact: Brian Brock
Whiteboard: impact=moderate,public=20050214
Keywords: Security
Reported: 2005-02-28 10:04 EST by Josh Bressers
Modified: 2007-11-30 17:07 EST
Doc Type: Bug Fix
Last Closed: 2005-05-17 10:25:19 EDT

Description Josh Bressers 2005-02-28 10:04:07 EST
Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to
execute arbitrary code via (1) an off-by-one error in the imapd annotate
extension, (2) an off-by-one error in "cached header handling," (3) a
stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow
in imapd.


* Fix possible single byte overflow in mailbox handling code. 
* Fix possible single byte overflows in the imapd annotate extension. 
* Fix stack buffer overflows in fetchnews (exploitable by peer news
  server), backend (exploitable by admin), and in imapd (exploitable
  by users though only on platforms where a filename may be larger
  than a mailbox name).
Comment 1 Josh Bressers 2005-02-28 10:06:30 EST
The upstream announcement is here:
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=33723
Comment 2 John Dennis 2005-04-04 19:07:25 EDT
O.K. version 2.2.12 is in CVS and built. Please note version 2.2.11 referenced
in above announcement was superseded in hours by 2.2.12 without any statement I
could find as to why, I can only assume because 2.2.11 needed a minor fix, thus
I've upgraded to 2.2.12.

Tomorrow I will do the errata component of this bug.
Comment 3 John Dennis 2005-04-23 16:46:03 EDT
errata RHSA-2005:408 generated
Comment 4 John Dennis 2005-04-23 17:08:04 EDT
version 2.2.12.RHEL4.1 created and entered into errata
Comment 6 Mark J. Cox (Product Security) 2005-04-28 06:47:16 EDT
modified until pushed.
Comment 7 Josh Bressers 2005-05-17 10:25:19 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-408.html
