Bug 156290 - CAN-2005-0546 multiple buffer overflows in cyrus-imapd
Status: CLOSED ERRATA
Product: Fedora Legacy
Classification: Retired
Component: cyrus-imapd
Version: fc2
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Fedora Legacy Bugs
LEGACY, 2
Keywords: Security
Depends On: 149870
Reported: 2005-04-28 13:06 EDT by Matthew Miller
Modified: 2007-04-18 13:24 EDT (History)
Doc Type: Bug Fix
Last Closed: 2006-04-04 20:26:05 EDT

Attachments:
Proposed FLSA-2006-156290 advisory text (4.66 KB, text/plain)
2006-04-02 20:51 EDT, David Eisenstein
Description Matthew Miller 2005-04-28 13:06:42 EDT
+++ This bug was initially created as a clone of Bug #149870 +++

+++ This bug was initially created as a clone of Bug #149869 +++

Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to
execute arbitrary code via (1) an off-by-one error in the imapd annotate
extension, (2) an off-by-one error in "cached header handling," (3) a
stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow
in imapd.


* Fix possible single byte overflow in mailbox handling code. 
* Fix possible single byte overflows in the imapd annotate extension. 
* Fix stack buffer overflows in fetchnews (exploitable by peer news
  server), backend (exploitable by admin), and in imapd (exploitable
  by users though only on platforms where a filename may be larger
  than a mailbox name).


---------------------------------------------------------------------------

This affects FC2. I don't believe FC1 or earlier included cyrus-imapd.
Comment 1 John Dennis 2005-04-28 13:19:33 EDT
I see you just added this as a blocker bug. FWIW I built the packages for FC2
and when I asked Bill for a push it was denied because FC2 is legacy. The
package is in the build system, but stuck in limbo.
Comment 2 Matthew Miller 2005-04-28 13:45:21 EDT
Oh, good to know! Do you think maybe you could pull them out of limbo and put
them somewhere we can get to?
Comment 3 Marc Deslauriers 2006-03-07 17:42:08 EST
Here are updated packages to QA:

http://www.infostrategique.com/linuxrpms/legacy/2/cyrus-imapd-2.2.12-1.1.fc2.1.legacy.src.rpm
Comment 4 Pekka Savola 2006-03-08 01:23:49 EST
QA w/ rpm-build-compare.sh:
 - source integrity good
 - spec file changes minimal
 - no patch, but the source upgrade identical to RHEL/FC3
 
+PUBLISH FC2
 
597e71df3b600854ef9a04d3dae75d1b4c81497b 
cyrus-imapd-2.2.12-1.1.fc2.1.legacy.src.rpm
Comment 5 Marc Deslauriers 2006-03-15 20:27:38 EST
Packages were pushed to updates-testing.
Comment 6 Pekka Savola 2006-03-31 00:28:22 EST
Timeout over.
Comment 7 David Eisenstein 2006-04-02 20:51:45 EDT
Created attachment 127218 [details]
Proposed FLSA-2006-156290 advisory text

Attached is proposed FLSA-2006-156290 advisory for release to updates.
Comment 8 Marc Deslauriers 2006-04-04 20:26:05 EDT
Packages were released to updates.
