Bug 184098 - CAN-2005-2933 imap buffer overflow (in libc-client)
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: libc-client
Version: fc2
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
URL:
Whiteboard: impact=moderate, LEGACY, 2
Depends On:
Blocks:
Reported: 2006-03-06 09:48 UTC by David Eisenstein
Modified: 2007-10-24 14:28 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-04-05 00:27:44 UTC
Embargoed:


Description David Eisenstein 2006-03-06 09:48:57 UTC
Red Hat issued RHSA-2005:848-01 for this issue for RHEL 4.  See
<http://www.redhat.com/archives/enterprise-watch-list/2005-December/msg00001.html>.

From that advisory:
   "C-client is a common API for accessing mailboxes.

   "A buffer overflow flaw was discovered in the way C-client parses user
supplied mailboxes. If an authenticated user requests a specially crafted
mailbox name, it may be possible to execute arbitrary code on a server that
uses C-client to access mailboxes. The Common Vulnerabilities and Exposures
project has assigned the name CVE-2005-2933 to this issue."

Also see Bug 170411 for a similar bug in imap for RHL7.3, RHL9, FC1.

+++ This bug was initially created as a clone of Bug #171345 +++

+++ This bug was initially created as a clone of Bug #171344 +++

iDEFENSE has reported a buffer overflow in the wu-imap server:
http://www.idefense.com/application/poi/display?id=313&type=vulnerabilities

An authenticated user can request a mailbox with a specially crafted name which
will overflow a buffer.

-- Additional comment from nalin on 2005-12-08 15:32 EST --
Fixing in 2002e-13 for FC3, 2002e-17 for FC4.

Comment 1 Marc Deslauriers 2006-03-07 22:45:32 UTC
Here are updated packages to QA:

4c6c31a77b86ee6b144878db24bbe77ff7b9e006  libc-client-2002e-5.1.legacy.i386.rpm
33f844e64eeb1767774eabeea17bcde23c23085d  libc-client-2002e-5.1.legacy.src.rpm
dcea18c08f3a2d536d76ab92aecac98d00887e8e  libc-client-devel-2002e-5.1.legacy.i386.rpm

http://www.infostrategique.com/linuxrpms/legacy/2/libc-client-2002e-5.1.legacy.src.rpm



Comment 2 Pekka Savola 2006-03-08 06:21:24 UTC
QA w/ rpm-build-compare for both imap and libc-client:
 - source integrity good
 - spec file changes minimal
 - patches verified to come from RHEL
 
RHEL3 also fixed an IMAP crash with CRAM-MD5 which we could have included,
but I don't think that has security impact, so we can leave it out.
 
+PUBLISH RHL73, RHL9, FC1, FC2
 
b58606915f3f45182c8abb9fbe4fb6135f2a1a3a  imap-2001a-10.3.legacy.src.rpm
6762c161ad2de96c2793b43734b2474781b467a7  imap-2001a-18.2.legacy.src.rpm
8b3d2d0d6a46cf587a31034bb378a748a0796951  imap-2002d-3.2.legacy.src.rpm
33f844e64eeb1767774eabeea17bcde23c23085d  libc-client-2002e-5.1.legacy.src.rpm


Comment 3 Marc Deslauriers 2006-03-16 01:29:56 UTC
Packages were pushed to updates-testing.

Comment 4 Pekka Savola 2006-03-31 05:28:45 UTC
Timeout over.

Comment 5 Marc Deslauriers 2006-04-05 00:27:44 UTC
Packages were released to updates.

