Mandriva: Subject: [Security Announce] [ MDVSA-2009:146 ] imap


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Security Week: September 1st, 2010

Linux Advisory Watch: August 27th, 2010

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Mandriva: Subject: [Security Announce] [ MDVSA-2009:146 ] imap

User Rating:

How can I rate this item?

Posted by Benjamin D. Thomas

Security vulnerabilities has been identified and fixed in University of Washington IMAP Toolkit: Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program (CVE-2008-5005). smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code (CVE-2008-5006). Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow (CVE-2008-5514). The updated packages have been patched to prevent this. Note that the software was renamed to c-client starting from Mandriva Linux 2009.0 and only provides the shared c-client library for the imap functions in PHP.

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:146
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : imap
 Date    : June 29, 2009
 Affected: 2008.1, 2009.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 Security vulnerabilities has been identified and fixed in University
 of Washington IMAP Toolkit:
 
 Multiple stack-based buffer overflows in (1) University of Washington
 IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine
 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain
 privileges by specifying a long folder extension argument on the
 command line to the tmail or dmail program; and (b) remote attackers to
 execute arbitrary code by sending e-mail to a destination mailbox name
 composed of a username and '+' character followed by a long string,
 processed by the tmail or possibly dmail program (CVE-2008-5005).
 
 smtp.c in the c-client library in University of Washington IMAP Toolkit
 2007b allows remote SMTP servers to cause a denial of service (NULL
 pointer dereference and application crash) by responding to the QUIT
 command with a close of the TCP connection instead of the expected
 221 response code (CVE-2008-5006).
 
 Off-by-one error in the rfc822_output_char function in the RFC822BUFFER
 routines in the University of Washington (UW) c-client library, as
 used by the UW IMAP toolkit before imap-2007e and other applications,
 allows context-dependent attackers to cause a denial of service (crash)
 via an e-mail message that triggers a buffer overflow (CVE-2008-5514).
 
 The updated packages have been patched to prevent this. Note that the
 software was renamed to c-client starting from Mandriva Linux 2009.0
 and only provides the shared c-client library for the imap functions
 in PHP.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5005
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5006
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5514
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 63ce4a37e1bc727a20d2d6fcdf5e7191  2008.1/i586/imap-2006k-1.1mdv2008.1.i586.rpm
 3c6c566568ff6cdd2b7fdbaec1bbb1e7  2008.1/i586/imap-devel-2006k-1.1mdv2008.1.i586.rpm
 1128ed4d27cb27d0eed85be04a065100  2008.1/i586/imap-utils-2006k-1.1mdv2008.1.i586.rpm
 1d482c2e629da844e24f6cca553282f0  2008.1/i586/libc-client-php0-2006k-1.1mdv2008.1.i586.rpm
 ad01858d02785a093527b7ef2fc36c03  2008.1/i586/libc-client-php-devel-2006k-1.1mdv2008.1.i586.rpm 
 a22ea306de85ba2124b751a3543e0b12  2008.1/SRPMS/imap-2006k-1.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 a4e37c0e931caf696a937c0a67ad6178  2008.1/x86_64/imap-2006k-1.1mdv2008.1.x86_64.rpm
 542690b58ded818831c7d4b9b1d945cf  2008.1/x86_64/imap-devel-2006k-1.1mdv2008.1.x86_64.rpm
 8f1cdd31b50dd36d3e6b5d2a6c12b411  2008.1/x86_64/imap-utils-2006k-1.1mdv2008.1.x86_64.rpm
 8074c7e0f582dc298eeeace68bd54664  2008.1/x86_64/lib64c-client-php0-2006k-1.1mdv2008.1.x86_64.rpm
 19b98f06c8691e02622d1072588830c0  2008.1/x86_64/lib64c-client-php-devel-2006k-1.1mdv2008.1.x86_64.rpm 
 a22ea306de85ba2124b751a3543e0b12  2008.1/SRPMS/imap-2006k-1.1mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 02fbfcc8c5cbc14d0386411efa981f29  2009.0/i586/libc-client0-2007b-1.1mdv2009.0.i586.rpm
 f62c16902503926de169d8a7c2e53e5f  2009.0/i586/libc-client-devel-2007b-1.1mdv2009.0.i586.rpm 
 7527232e0b4aaa72dc23bd771d3cd7c8  2009.0/SRPMS/c-client-2007b-1.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 59ac5e394649da1db3ed2a76907b12bf  2009.0/x86_64/lib64c-client0-2007b-1.1mdv2009.0.x86_64.rpm
 392da7365dedecbbaf88ed4fdcc3ce24  2009.0/x86_64/lib64c-client-devel-2007b-1.1mdv2009.0.x86_64.rpm 
 7527232e0b4aaa72dc23bd771d3cd7c8  2009.0/SRPMS/c-client-2007b-1.1mdv2009.0.src.rpm

 Corporate 3.0:
 cc57ba0b8729678290be011fb907e6f2  corporate/3.0/i586/imap-2002d-8.5.C30mdk.i586.rpm
 ba3e0dd929cf2cec9805d970adefcb97  corporate/3.0/i586/imap-devel-2002d-8.5.C30mdk.i586.rpm
 63590d632399727848627831fa54cc6d  corporate/3.0/i586/imap-utils-2002d-8.5.C30mdk.i586.rpm 
 44eb49718d21af3de5509c05fe22642c  corporate/3.0/SRPMS/imap-2002d-8.5.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 d177b7e443781b745e66abcc046c260f  corporate/3.0/x86_64/imap-2002d-8.5.C30mdk.x86_64.rpm
 db1d058f81d040ab39225e3105592ca7  corporate/3.0/x86_64/imap-devel-2002d-8.5.C30mdk.x86_64.rpm
 36f98a9870a83884f908bbc79c4f6617  corporate/3.0/x86_64/imap-utils-2002d-8.5.C30mdk.x86_64.rpm 
 44eb49718d21af3de5509c05fe22642c  corporate/3.0/SRPMS/imap-2002d-8.5.C30mdk.src.rpm

 Corporate 4.0:
 df6ce5ec09f7b179910d21a64aadffa2  corporate/4.0/i586/imap-2004e-1.2.20060mlcs4.i586.rpm
 505781ebe570b0aff7fd600ea67387bc  corporate/4.0/i586/imap-devel-2004e-1.2.20060mlcs4.i586.rpm
 5667f7d7e2739cc74aefd7dd3d4d29ac  corporate/4.0/i586/imap-utils-2004e-1.2.20060mlcs4.i586.rpm
 bc139b3a93643ebd766781932292a090  corporate/4.0/i586/libc-client-php0-2004e-1.2.20060mlcs4.i586.rpm
 f2fa4ad3fe1088c47af93c7d3dbec4d2  corporate/4.0/i586/libc-client-php0-devel-2004e-1.2.20060mlcs4.i586.rpm 
 ffdf3f7a619b4859f65ffedbc00eef85  corporate/4.0/SRPMS/imap-2004e-1.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 b4a436fb5f2e9acf7ed0e41d292e9b77  corporate/4.0/x86_64/imap-2004e-1.2.20060mlcs4.x86_64.rpm
 3c6d58213a9b9c067b39408ad1506ecd  corporate/4.0/x86_64/imap-devel-2004e-1.2.20060mlcs4.x86_64.rpm
 b115a8ad8fbb2c33302b7f72c4e6e2a5  corporate/4.0/x86_64/imap-utils-2004e-1.2.20060mlcs4.x86_64.rpm
 ecb5c6c2375ae1be46e9c77651a49411  corporate/4.0/x86_64/lib64c-client-php0-2004e-1.2.20060mlcs4.x86_64.rpm
 f1e42910321cc9b23a9dea16719e321a  corporate/4.0/x86_64/lib64c-client-php0-devel-2004e-1.2.20060mlcs4.x86_64.rpm 
 ffdf3f7a619b4859f65ffedbc00eef85  corporate/4.0/SRPMS/imap-2004e-1.2.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team