LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 28th, 2014
Linux Advisory Watch: November 21st, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: Cyrus IMAP arbitrary code execution fix Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
Debian Stefan Esser discovered several security related problems in the Cyrus IMAP daemon. Due to a bug in the command parser it is possible to access memory beyond the allocated buffer in two places which could lead to the execution of arbitrary code.

--------------------------------------------------------------------------
Debian Security Advisory DSA 597-1                     security@debian.org 
http://www.debian.org/security/                             Martin Schulze
November 25th, 2004                      http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : cyrus-imapd
Vulnerability  : buffer overflow
Problem-Type   : local/remote
Debian-specific: no
CVE ID         : CAN-2004-1012 CAN-2004-1013
Debian Bug     : 282681

Stefan Esser discovered several security related problems in the Cyrus
IMAP daemon.  Due to a bug in the command parser it is possible to
access memory beyond the allocated buffer in two places which could
lead to the execution of arbitrary code.

For the stable distribution (woody) these problems have been fixed in
version 1.5.19-9.2

For the unstable distribution (sid) these problems have been fixed in
version 2.1.17-1.

We recommend that you upgrade your cyrus-imapd package immediately.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------

  Source archives:

     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.2.dsc
      Size/MD5 checksum:      703 e0481572ba25da370cd1eca220d1a030
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.2.diff.gz
      Size/MD5 checksum:    32830 f6e67dff752d2f07dc7814c08d910044
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19.orig.tar.gz
      Size/MD5 checksum:   526190 b789ea3868be439c27b24a8aa6d0b99f

  Alpha architecture:

     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.2_alpha.deb
      Size/MD5 checksum:    43558 605b6d5781b7525fef102a322167dc07
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.2_alpha.deb
      Size/MD5 checksum:   567060 f16d9c0379f5ff1805f9ca12e97a6d55
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.2_alpha.deb
      Size/MD5 checksum:    86262 844e21251e961fd1a8744504508bf025
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.2_alpha.deb
      Size/MD5 checksum:   164410 b6b6bd17475d8187ef1e1cb583887e64
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.2_alpha.deb
      Size/MD5 checksum:   162218 c2752c9eabdf34d6a5f56183e6a0db9a
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.2_alpha.deb
      Size/MD5 checksum:    77630 e1f0a2fb07112a4fe4ef61ebb7a49aa0

  ARM architecture:

     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.2_arm.deb
      Size/MD5 checksum:    39924 0995a4f7ad0a332d462ca619c706bda5
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.2_arm.deb
      Size/MD5 checksum:   437994 66083d88f667e80f01b58ef94c387d0e
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.2_arm.deb
      Size/MD5 checksum:    80458 52584f8b0d2a2ab0d344d25c9da4085b
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.2_arm.deb
      Size/MD5 checksum:   134364 5a341627828988cf55419d4a223079b5
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.2_arm.deb
      Size/MD5 checksum:   126848 26ad29be01e2b28c4de37d96d5b9155a
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.2_arm.deb
      Size/MD5 checksum:    59856 ac911aa6e9273f800c5f9f47c9c9084f

  Intel IA-32 architecture:

     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.2_i386.deb
      Size/MD5 checksum:    38998 489e82636e7423342b6d63032e35f389
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.2_i386.deb
      Size/MD5 checksum:   416914 dd920904b7f4ab87f0b7c7bfa0d4a97f
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.2_i386.deb
      Size/MD5 checksum:    75702 2c8ef52476b3b494b0f2a0bbb0a35755
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.2_i386.deb
      Size/MD5 checksum:   123450 c0d4750368d00bf76c204a56f2c418d2
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.2_i386.deb
      Size/MD5 checksum:   119886 55ee743281e5de675674181b6ed024f3
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.2_i386.deb
      Size/MD5 checksum:    56268 5cedd739a2f4736125573e55a0b875ad

  Intel IA-64 architecture:

     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.2_ia64.deb
      Size/MD5 checksum:    48850 f6712157e9c472b041a9f83b6b6ab357
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.2_ia64.deb
      Size/MD5 checksum:   656824 c01cd43ac1af94155760cdb5a62d9675
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.2_ia64.deb
      Size/MD5 checksum:    93352 f19ed436d9550a693e03474080941e43
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.2_ia64.deb
      Size/MD5 checksum:   198090 99ee20d8c668612add2e2f93d84b1848
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.2_ia64.deb
      Size/MD5 checksum:   192456 2764c2794771531b7131148e6ba6cc53
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.2_ia64.deb
      Size/MD5 checksum:    90284 0ae7cc75d486880d86cc4e1a6db17af7

  HP Precision architecture:

     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.2_hppa.deb
      Size/MD5 checksum:    42240 91e0ad0740bc59967af0d0125684863b
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.2_hppa.deb
      Size/MD5 checksum:   484540 550d155ec451650196a0eef52fb8f3c8
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.2_hppa.deb
      Size/MD5 checksum:    83932 e0333e01626fdeac3b69d04f319c6df0
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.2_hppa.deb
      Size/MD5 checksum:   145634 546909a010b9468bb2ae8550a77f6653
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.2_hppa.deb
      Size/MD5 checksum:   141988 132df5b22602fd2025a4dfdf44c8c0fd
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.2_hppa.deb
      Size/MD5 checksum:    65900 deca12451392a0911ff5699d339d62f6

  Motorola 680x0 architecture:

     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.2_m68k.deb
      Size/MD5 checksum:    37972 e76791fa11eb69075ee6dbf82890ee06
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.2_m68k.deb
      Size/MD5 checksum:   387580 f334243709621ad5051e7806e7b561d4
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.2_m68k.deb
      Size/MD5 checksum:    74386 96605f4fead3441c1276aca7496cf857
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.2_m68k.deb
      Size/MD5 checksum:   113454 074119d9b1abf101ab9cc957b627be8a
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.2_m68k.deb
      Size/MD5 checksum:   112120 58d79fcfdb58ba97cb259f6b4b850f6b
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.2_m68k.deb
      Size/MD5 checksum:    52342 6a1cd52438760f6297081adba6b67997

  Big endian MIPS architecture:

     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.2_mips.deb
      Size/MD5 checksum:    41602 1e96a8c73afbac0cdcc6771818b642e8
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.2_mips.deb
      Size/MD5 checksum:   481550 7bebd624566b7e603eb0733cbae7083c
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.2_mips.deb
      Size/MD5 checksum:    83312 a3b9739220e76493ac56fa7b73214d98
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.2_mips.deb
      Size/MD5 checksum:   141674 2fb6a951f77258e1828279ad8c6eef7a
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.2_mips.deb
      Size/MD5 checksum:   140320 dc3cc564c257346b492ea28775f5ae5e
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.2_mips.deb
      Size/MD5 checksum:    65780 da6c3c553887bcf173e41be3ddce62b1

  Little endian MIPS architecture:

     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.2_mipsel.deb
      Size/MD5 checksum:    41738 0cba87d05f237a6e79ec0165bf757991
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.2_mipsel.deb
      Size/MD5 checksum:   486284 8896d35754568189b2fbe1f00aac432f
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.2_mipsel.deb
      Size/MD5 checksum:    83446 e86cf8f817626afb48f3f51eed186917
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.2_mipsel.deb
      Size/MD5 checksum:   143928 d427e4f5268d685adb1a7e7086a7a4fd
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.2_mipsel.deb
      Size/MD5 checksum:   141892 6a3b60a7c4c1f9fc60c01dbaad843ce0
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.2_mipsel.deb
      Size/MD5 checksum:    66236 6c48b0851637f81c2a5e9bddce0357d1

  PowerPC architecture:

     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.2_powerpc.deb
      Size/MD5 checksum:    40224 61d75e95f4aeafad122081a210f9682f
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.2_powerpc.deb
      Size/MD5 checksum:   457434 a73dd24b0f50e027fab59511261d1189
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.2_powerpc.deb
      Size/MD5 checksum:    80926 3541a8d3ffc665cee2b80c85b9d98cf3
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.2_powerpc.deb
      Size/MD5 checksum:   134996 3745593385f1fa49071706326aa5a7b8
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.2_powerpc.deb
      Size/MD5 checksum:   133482 5057e633e3068d5233d52e5b73e5d2d7
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.2_powerpc.deb
      Size/MD5 checksum:    62450 4993a3e6947fcc4a08075b43c28acfdf

  IBM S/390 architecture:

     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.2_s390.deb
      Size/MD5 checksum:    40804 e757c6a1476bae8035581ddd85fb3976
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.2_s390.deb
      Size/MD5 checksum:   433114 dc1b97d66d61ee41940a690b3b00c26a
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.2_s390.deb
      Size/MD5 checksum:    77910 ba413afe00395cd17ac86d757f181ea6
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.2_s390.deb
      Size/MD5 checksum:   129212 28751a06e94623a150aaf5f46df5c793
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.2_s390.deb
      Size/MD5 checksum:   124658 b153471de6d53d99693e9b2cff926aee
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.2_s390.deb
      Size/MD5 checksum:    59192 9591db004d221d6230a2aaaaf994a3e9

  Sun Sparc architecture:

     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.2_sparc.deb
      Size/MD5 checksum:    39858 0b5fd335f5559ddfcd39cc5bd9798f4d
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.2_sparc.deb
      Size/MD5 checksum:   435904 5b4639c22c4a63fdcd120c26a94ba903
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.2_sparc.deb
      Size/MD5 checksum:    79364 c42e3dfdca39d2084051743f3f58aba2
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.2_sparc.deb
      Size/MD5 checksum:   130890 6925e7fc4bdf0c9536b529314bd91f06
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.2_sparc.deb
      Size/MD5 checksum:   126948 a7ca84cf4d6ec1694a718e53dadc0a5f
     http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.2_sparc.deb
      Size/MD5 checksum:    60190 67fce3079b320b2a236f4fe1d8b85f28


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb  http://security.debian.org/ stable/updates main
For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Hacker Lexicon: What Is the Computer Fraud and Abuse Act?
World's best threat detection pwned by HOBBIT
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.