Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » CSSA-2002-021.0-imapd buffer overflow when fetching partial mailbox attributes

CSSA-2002-021.0-imapd buffer overflow when fetching partial mailbox attributes

by Nikola Strahija on May 16th, 2002 A malicious user may construct a malformed request that will cause a buffer overflow, allowing the user to run code on the server with the uid and gid of the e-mail owner.


2. Vulnerable Supported Versions

System Package
----------------------------------------------------------------------

OpenLinux 3.1.1 Server prior to imap-2000-14.i386.rpm
prior to imap-devel-2000-14.i386.rpm

OpenLinux 3.1.1 Workstation prior to imap-2000-14.i386.rpm
prior to imap-devel-2000-14.i386.rpm

OpenLinux 3.1 Server prior to imap-2000-14.i386.rpm
prior to imap-devel-2000-14.i386.rpm

OpenLinux 3.1 Workstation prior to imap-2000-14.i386.rpm
prior to imap-devel-2000-14.i386.rpm


3. Solution

The proper solution is to install the latest packages.


4. OpenLinux 3.1.1 Server

4.1 Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

4.2 Packages

3d4c39ed407a122f963f9f508f908c92 imap-2000-14.i386.rpm
5c49edd5001471188ed6da5a20413f42 imap-devel-2000-14.i386.rpm

4.3 Installation

rpm -Fvh imap-2000-14.i386.rpm
rpm -Fvh imap-devel-2000-14.i386.rpm

4.4 Source Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

4.5 Source Packages

7aca0b5e4236dac8b9bbce8879d84bd8 imap-2000-14.src.rpm


5. OpenLinux 3.1.1 Workstation

5.1 Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

5.2 Packages

d38decbc4fd541389f150a801dbd6024 imap-2000-14.i386.rpm
4833a72e3afde52d6f88fefdf2ac6fb4 imap-devel-2000-14.i386.rpm

5.3 Installation

rpm -Fvh imap-2000-14.i386.rpm
rpm -Fvh imap-devel-2000-14.i386.rpm

5.4 Source Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

5.5 Source Packages

0dc9c6f44c0a233ff31efc296159a812 imap-2000-14.src.rpm


6. OpenLinux 3.1 Server

6.1 Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

6.2 Packages

cbe5748e7adea78a897b2b530a4f6885 imap-2000-14.i386.rpm
763992a12de3ac0bdf53ea03c92b0c79 imap-devel-2000-14.i386.rpm

6.3 Installation

rpm -Fvh imap-2000-14.i386.rpm
rpm -Fvh imap-devel-2000-14.i386.rpm

6.4 Source Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

6.5 Source Packages

decd197cfdce836c921560097573e9b3 imap-2000-14.src.rpm


7. OpenLinux 3.1 Workstation

7.1 Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

7.2 Packages

863d0908cf6a00488bd705bfe16e4d4c imap-2000-14.i386.rpm
a2db300f0a06d9be119c39a40fb4f368 imap-devel-2000-14.i386.rpm

7.3 Installation

rpm -Fvh imap-2000-14.i386.rpm
rpm -Fvh imap-devel-2000-14.i386.rpm

7.4 Source Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

7.5 Source Packages

2ea45d3516faaaae52a2f8053deaf30c imap-2000-14.src.rpm


8. References

Specific references for this advisory:
none


Caldera OpenLinux security resources:
http://www.caldera.com/support/security/index.html

Caldera UNIX security resources:
http://stage.caldera.com/support/security/

This security fix closes Caldera incidents sr864139, fz520938
and erg712042.


9. Disclaimer

Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on this website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera products.


10. Acknowledgements

Marcell Fodor ([email protected]) discovered and reported
this vulnerability.

______________________________________________________________________________



Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »