Gentoo: 200212-11 Critical: Remote Exploits in Cyrus-IMAPD Buffer Overflow
gentoo
December 30, 2002
Multiple buffer overflow vulnerabilities have been discovered in cyrus-imapd.
Summary
- -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200212-11 - -------------------------------------------------------------------- DATE : 2002-12-27 23:12 UTC
- --------------------------------------------------------------------
From first advisory:
"Cyrus' Sieve implementation contains a couple of classic string based buffer overflows in script parsing code. Anyone who can execute Sieve scripts can exploit these bugs. Versions up to libSieve 2.1.2 and Cyrus IMAP 2.1.10 are affected."
From second advisory:
"Cyrus IMAP server has a a remotely exploitable pre-login buffer overflow. I checked versions 1.4 (oldest in web page) and 2.1.10 which both had it, so apparently all versions are affected."
Read the full advisories at http://marc.theaimsgroup.com/?l=bugtraq&m=103886433123554&w=2 http://marc.theaimsgroup.com/?l=bugtraq&m=103886607825605&w=2
SOLUTION
It is recommended that all Gentoo Linux users who are...Read the Full Advisory
Topics Covered
Resolution
References
Availability
style>.gentoo_availability{display:block;}
Concerns
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
PACKAGE : cyrus-imapd
SUMMARY : buffer overflows
EXPLOIT : remote
Topics Covered
Background
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
Impact
Workaround
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!