Bug 156290 - CAN-2005-0546 multiple buffer overflows in cyrus-imapd
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: cyrus-imapd
Version: fc2
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
URL:
Whiteboard: LEGACY, 2
Depends On: 149870
Blocks:
Reported: 2005-04-28 17:06 UTC by Matthew Miller
Modified: 2007-04-18 17:24 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-04-05 00:26:05 UTC


Attachments
Proposed FLSA-2006-156290 advisory text (4.66 KB, text/plain)
2006-04-03 00:51 UTC, David Eisenstein

Description Matthew Miller 2005-04-28 17:06:42 UTC
+++ This bug was initially created as a clone of Bug #149870 +++

+++ This bug was initially created as a clone of Bug #149869 +++

Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to
execute arbitrary code via (1) an off-by-one error in the imapd annotate
extension, (2) an off-by-one error in "cached header handling," (3) a
stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow
in imapd.


* Fix possible single byte overflow in mailbox handling code. 
* Fix possible single byte overflows in the imapd annotate extension. 
* Fix stack buffer overflows in fetchnews (exploitable by peer news
  server), backend (exploitable by admin), and in imapd (exploitable
  by users though only on platforms where a filename may be larger
  than a mailbox name).


---------------------------------------------------------------------------

This affects FC2. I don't believe FC1 or earlier included cyrus-imapd.
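
The "single byte overflow" items in the changelog above belong to the off-by-one class: a length check that forgets the terminating NUL. The following is an added illustration, not Cyrus IMAPd code and not part of the original report; the function names and the 16-byte limit are constructed for the example. It puts the buggy check beside a corrected one, with a canary byte after the buffer so the stray write is observable.

```c
#include <stdio.h>
#include <string.h>

/* Constructed limit for this demo, not a Cyrus IMAPd constant. */
#define MBOX_NAME_MAX 16

/* BUGGY: "<=" admits len == size, so the NUL is stored at dst[size],
 * one byte past the end of a size-byte buffer. */
static int copy_name_offbyone(char *dst, size_t size, const char *src)
{
    size_t len = strlen(src);
    if (len <= size) {              /* should be: len < size */
        memcpy(dst, src, len);
        dst[len] = '\0';
        return 0;
    }
    return -1;
}

/* FIXED: the terminator is counted, and oversized input is rejected
 * instead of being truncated or copied. */
static int copy_name_checked(char *dst, size_t size, const char *src)
{
    size_t len = strlen(src);
    if (len >= size)
        return -1;
    memcpy(dst, src, len + 1);      /* len + 1 <= size */
    return 0;
}

/* Calls `copy` on a MBOX_NAME_MAX-byte buffer followed by a canary byte
 * kept inside `slot`; returns 1 if the canary was overwritten, else 0. */
static int canary_clobbered(int (*copy)(char *, size_t, const char *),
                            const char *src)
{
    char slot[MBOX_NAME_MAX + 1];
    slot[MBOX_NAME_MAX] = 0x7f;
    (void)copy(slot, MBOX_NAME_MAX, src);
    return slot[MBOX_NAME_MAX] != 0x7f;
}

int main(void)
{
    const char *exact = "0123456789abcdef"; /* constructed, 16 chars */
    printf("off-by-one: %d, checked: %d\n",
           canary_clobbered(copy_name_offbyone, exact),
           canary_clobbered(copy_name_checked, exact));
    return 0;
}
```

Only an input of exactly the buffer size triggers the stray byte, which is why this class of bug tends to survive ordinary testing.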

Comment 1 John Dennis 2005-04-28 17:19:33 UTC
I see you just added this as a blocker bug. FWIW I built the packages for FC2
and when I asked Bill for a push it was denied because FC2 is legacy. The
package is in the build system, but stuck in limbo.

Comment 2 Matthew Miller 2005-04-28 17:45:21 UTC
Oh, good to know! Do you think maybe you could pull them out of limbo and put
them somewhere we can get to?

Comment 3 Marc Deslauriers 2006-03-07 22:42:08 UTC
Here are updated packages to QA:

1f50108ed7ef6e082da5276a685fec59a3367465 
cyrus-imapd-2.2.12-1.1.fc2.1.legacy.i386.rpm
597e71df3b600854ef9a04d3dae75d1b4c81497b 
cyrus-imapd-2.2.12-1.1.fc2.1.legacy.src.rpm
e8005bc789b7c46e2e78222249b8b5cf64a0686f 
cyrus-imapd-devel-2.2.12-1.1.fc2.1.legacy.i386.rpm
2fa531c5d59419695f590fac8cb46807885d3eed 
cyrus-imapd-murder-2.2.12-1.1.fc2.1.legacy.i386.rpm
6d62d66df1d46c1b4ec62c90ce5fb48d758df632 
cyrus-imapd-nntp-2.2.12-1.1.fc2.1.legacy.i386.rpm
ffb3843dac04911b02a5e91516e7b7cd98c9ac03 
cyrus-imapd-utils-2.2.12-1.1.fc2.1.legacy.i386.rpm
55e938ff829d282ee7e13dd53012f0181beb624c 
perl-Cyrus-2.2.12-1.1.fc2.1.legacy.i386.rpm

http://www.infostrategique.com/linuxrpms/legacy/2/cyrus-imapd-2.2.12-1.1.fc2.1.legacy.src.rpm


Comment 4 Pekka Savola 2006-03-08 06:23:49 UTC
QA w/ rpm-build-compare.sh:
 - source integrity good
 - spec file changes minimal
 - no patch, but the source upgrade identical to RHEL/FC3
 
+PUBLISH FC2
 
597e71df3b600854ef9a04d3dae75d1b4c81497b 
cyrus-imapd-2.2.12-1.1.fc2.1.legacy.src.rpm


Comment 5 Marc Deslauriers 2006-03-16 01:27:38 UTC
Packages were pushed to updates-testing.

Comment 6 Pekka Savola 2006-03-31 05:28:22 UTC
Timeout over.

Comment 7 David Eisenstein 2006-04-03 00:51:45 UTC
Created attachment 127218
Proposed FLSA-2006-156290 advisory text

Attached is proposed FLSA-2006-156290 advisory for release to updates.

Comment 8 Marc Deslauriers 2006-04-05 00:26:05 UTC
Packages were released to updates.

