LinuxSecurity.com
Mandrake: Cyrus IMAP multiple vulnerabilities
Posted by LinuxSecurity.com Team   
A number of vulnerabilities in the Cyrus-IMAP server were found by Stefan Esser. Due to insufficient checking within the argument parser of the 'partial' and 'fetch' commands, a buffer overflow could be exploited to execute arbitrary attacker-supplied code.

_______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           cyrus-imapd
 Advisory ID:            MDKSA-2004:139
 Date:                   November 25th, 2004

 Affected versions:      10.0, 10.1
 ______________________________________________________________________

 Problem Description:

 A number of vulnerabilities in the Cyrus-IMAP server were found by
 Stefan Esser.  Due to insufficient checking within the argument
 parser of the 'partial' and 'fetch' commands, a buffer overflow could
 be exploited to execute arbitrary attacker-supplied code.  Another
 exploitable buffer overflow could be triggered in situations when
 memory allocation fails.

 The provided packages have been patched to prevent these problems.
 _______________________________________________________________________

 References:

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1011
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1012
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1013
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1015
 ______________________________________________________________________

 Updated Packages:

 Mandrakelinux 10.0:
 d24a96383803817c7bc4873eddd788c5  10.0/RPMS/cyrus-imapd-2.1.16-5.3.100mdk.i586.rpm
 4e2abc98c3467167e7d1e80c8673e627  10.0/RPMS/cyrus-imapd-devel-2.1.16-5.3.100mdk.i586.rpm
 c86e00c698a0c1c6a86b72822822a21d  10.0/RPMS/cyrus-imapd-murder-2.1.16-5.3.100mdk.i586.rpm
 7ad76d69b422fe93b819290dbb19d9c3  10.0/RPMS/cyrus-imapd-utils-2.1.16-5.3.100mdk.i586.rpm
 96fd3591c761678893f43e86579a126d  10.0/RPMS/perl-Cyrus-2.1.16-5.3.100mdk.i586.rpm
 89a64ea4af5fb2b3867e15abe1f38813  10.0/SRPMS/cyrus-imapd-2.1.16-5.3.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 8c0a0ae9b8af0e852ff537790bb78b79  amd64/10.0/RPMS/cyrus-imapd-2.1.16-5.3.100mdk.amd64.rpm
 54e359a8a63cf94d35cdda65455d8c2a  amd64/10.0/RPMS/cyrus-imapd-devel-2.1.16-5.3.100mdk.amd64.rpm
 560d64e9c9db0f0aa7d20223b525a30e  amd64/10.0/RPMS/cyrus-imapd-murder-2.1.16-5.3.100mdk.amd64.rpm
 f283e5fa417f62422cceed597972158f  amd64/10.0/RPMS/cyrus-imapd-utils-2.1.16-5.3.100mdk.amd64.rpm
 547ae80ca8ef2a37f6afd877bc89b324  amd64/10.0/RPMS/perl-Cyrus-2.1.16-5.3.100mdk.amd64.rpm
 89a64ea4af5fb2b3867e15abe1f38813  amd64/10.0/SRPMS/cyrus-imapd-2.1.16-5.3.100mdk.src.rpm

 Mandrakelinux 10.1:
 d8789ade849ca9fa4ca29320c538ec7d  10.1/RPMS/cyrus-imapd-2.2.8-4.1.101mdk.i586.rpm
 2d10d7a5405712dc6fa60e0c751e6935  10.1/RPMS/cyrus-imapd-devel-2.2.8-4.1.101mdk.i586.rpm
 a9bb0d482e65acfc4c0b55aa8449e61c  10.1/RPMS/cyrus-imapd-murder-2.2.8-4.1.101mdk.i586.rpm
 5bd8c7ea1891db4d8eb9dd691480a0df  10.1/RPMS/cyrus-imapd-nntp-2.2.8-4.1.101mdk.i586.rpm
 6a62e104fd24f40b85b673529aa82b38  10.1/RPMS/cyrus-imapd-utils-2.2.8-4.1.101mdk.i586.rpm
 865c36af331c9bd111fd20d0d777a674  10.1/RPMS/perl-Cyrus-2.2.8-4.1.101mdk.i586.rpm
 031465e275846f22279d4817f3b2a12d  10.1/SRPMS/cyrus-imapd-2.2.8-4.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 14302a4c19f67e797cf02278c2ac42c6  x86_64/10.1/RPMS/cyrus-imapd-2.2.8-4.1.101mdk.x86_64.rpm
 b4e6c99bfdeac90e16475eec2e651b0e  x86_64/10.1/RPMS/cyrus-imapd-devel-2.2.8-4.1.101mdk.x86_64.rpm
 38a0a974e95c96787bc857bb358afa84  x86_64/10.1/RPMS/cyrus-imapd-murder-2.2.8-4.1.101mdk.x86_64.rpm
 bf5d0e23fa0a4ebbd1a46277621a4bb8  x86_64/10.1/RPMS/cyrus-imapd-nntp-2.2.8-4.1.101mdk.x86_64.rpm
 b9f2f06d42079cb81221688d46c34446  x86_64/10.1/RPMS/cyrus-imapd-utils-2.2.8-4.1.101mdk.x86_64.rpm
 f71573be7c4c32bf330ea105dff7df8b  x86_64/10.1/RPMS/perl-Cyrus-2.2.8-4.1.101mdk.x86_64.rpm
 031465e275846f22279d4817f3b2a12d  x86_64/10.1/SRPMS/cyrus-imapd-2.2.8-4.1.101mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
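
 For packages downloaded by hand instead of through MandrakeUpdate or urpmi, the MD5 column under "Updated Packages" can be checked with a short script. This is an added example, not part of the Mandrakesoft advisory; the function names and the sample package names in it are constructed for illustration. A matching MD5 only shows that a file agrees with the listing, so the GPG signature check remains the test of authenticity.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# A manifest line as printed under "Updated Packages":
# 32 hex digits (MD5), whitespace, relative path ending in .rpm.
MANIFEST_LINE = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")

def parse_manifest(advisory_text):
    """Map each RPM file name to the set of MD5 digests the advisory lists for it."""
    expected = {}
    for line in advisory_text.splitlines():
        m = MANIFEST_LINE.match(line)
        if m:  # headings such as "Mandrakelinux 10.0:" do not match and are skipped
            digest, path = m.groups()
            # The same SRPM is listed once per architecture, so key on the base name.
            expected.setdefault(Path(path).name, set()).add(digest)
    return expected

def md5_of(path, chunk=1 << 20):
    """MD5 of a file, read in chunks so large packages are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_downloads(advisory_text, download_dir):
    """Label every *.rpm in download_dir as 'ok', 'mismatch' or 'unlisted'."""
    expected = parse_manifest(advisory_text)
    report = {}
    for rpm in sorted(Path(download_dir).glob("*.rpm")):
        if rpm.name not in expected:
            report[rpm.name] = "unlisted"
        elif md5_of(rpm) in expected[rpm.name]:
            report[rpm.name] = "ok"
        else:
            report[rpm.name] = "mismatch"
    return report

if __name__ == "__main__":
    # Constructed sample: a fake package and a one-line manifest built from its digest.
    with tempfile.TemporaryDirectory() as d:
        good = Path(d, "example-1.0-1mdk.i586.rpm")
        good.write_bytes(b"constructed sample payload")
        manifest = f" Example 1.0:\n {md5_of(good)}  1.0/RPMS/{good.name}\n"
        Path(d, "stray-0.1-1mdk.i586.rpm").write_bytes(b"not in the advisory")
        print(check_downloads(manifest, d))
```

 Pass the advisory text (saved from the mail or web page) and the directory holding the downloaded RPMs; anything reported as 'mismatch' or 'unlisted' should not be installed.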

 You can view other update advisories for Mandrakelinux at:

   http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  

 