Bug 184098 - CAN-2005-2933 imap buffer overflow (in libc-client)
CAN-2005-2933 imap buffer overflow (in libc-client)
Status: CLOSED ERRATA
Product: Fedora Legacy
Classification: Retired
Component: libc-client (Show other bugs)
fc2
All Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
impact=moderate, LEGACY, 2
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-03-06 04:48 EST by David Eisenstein
Modified: 2007-10-24 10:28 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-04-04 20:27:44 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Eisenstein 2006-03-06 04:48:57 EST
Red Hat issued RHSA-2005:848-01 for this issue for RHEL 4.  See
<http://www.redhat.com/archives/enterprise-watch-list/2005-December/msg00001.html>.

From that advisory:
   "C-client is a common API for accessing mailboxes.

   "A buffer overflow flaw was discovered in the way C-client parses user
supplied mailboxes. If an authenticated user requests a specially crafted
mailbox name, it may be possible to execute arbitrary code on a server that
uses C-client to access mailboxes. The Common Vulnerabilities and Exposures
project has assigned the name CVE-2005-2933 to this issue."

Also see Bug 170411 for a similar bug in imap for RHL7.3, RHL9, FC1.

+++ This bug was initially created as a clone of Bug #171345 +++

+++ This bug was initially created as a clone of Bug #171344 +++

iDEFENSE has reported a buffer overflow in the wu-imap server:
http://www.idefense.com/application/poi/display?id=313&type=vulnerabilities

An authenticated user can request a mailbox with a specially crafted name which
will overflow a buffer.

-- Additional comment from nalin@redhat.com on 2005-12-08 15:32 EST --
Fixing in 2002e-13 for FC3, 2002e-17 for FC4.
Comment 1 Marc Deslauriers 2006-03-07 17:45:32 EST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated packages to QA:

4c6c31a77b86ee6b144878db24bbe77ff7b9e006  libc-client-2002e-5.1.legacy.i386.rpm
33f844e64eeb1767774eabeea17bcde23c23085d  libc-client-2002e-5.1.legacy.src.rpm
dcea18c08f3a2d536d76ab92aecac98d00887e8e 
libc-client-devel-2002e-5.1.legacy.i386.rpm

http://www.infostrategique.com/linuxrpms/legacy/2/libc-client-2002e-5.1.legacy.src.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (GNU/Linux)

iD8DBQFEDg30LMAs/0C4zNoRAnCxAJ47faCnqYtmIYWHgkzYIXR6DHOnoACeOnXC
RtZxpOR4b71fYWppKpk22Ik=
=+kGR
-----END PGP SIGNATURE-----
Comment 2 Pekka Savola 2006-03-08 01:21:24 EST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
QA w/ rpm-build-compare for both imap and libc-client:
 - source integrity good
 - spec file changes minimal
 - patches verified to come from RHEL
 
RHEL3 also fixed an IMAP crash with CRAM-MD5 which we could have included,
but I don't think that has security impact, so we can leave it out.
 
+PUBLISH RHL73, RHL9, FC1, FC2
 
b58606915f3f45182c8abb9fbe4fb6135f2a1a3a  imap-2001a-10.3.legacy.src.rpm
6762c161ad2de96c2793b43734b2474781b467a7  imap-2001a-18.2.legacy.src.rpm
8b3d2d0d6a46cf587a31034bb378a748a0796951  imap-2002d-3.2.legacy.src.rpm
33f844e64eeb1767774eabeea17bcde23c23085d  libc-client-2002e-5.1.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
 
iD8DBQFEDnjfGHbTkzxSL7QRAkL2AJ92Eykd2HL4xbNv5+JgFrvP6qYJuQCfTRZA
fgSkvf8Iei1CCJ8NA7G8xws=
=DGVi
-----END PGP SIGNATURE-----
Comment 3 Marc Deslauriers 2006-03-15 20:29:56 EST
Packages were pushed to updates-testing.
Comment 4 Pekka Savola 2006-03-31 00:28:45 EST
Timeout over.
Comment 5 Marc Deslauriers 2006-04-04 20:27:44 EDT
Packages were released to updates.

Note You need to log in before you can comment on or make changes to this bug.