
[linux-security] cyrus-imapd remote exploit



Topic
=====
Remotely exploitable buffer overflow in cyrus-imapd

Problem Description
===================
The Cyrus imapd contains a buffer overflow which remote attackers could
exploit before logging in. Attackers could generate oversized error
messages and overflow buffers inside imapd.

Affected Versions
=================
All versions prior to 2.1.11

Solution
========
Upgrade to version 2.1.11 or to the patched version for your distribution.

SuSE-7.1
--------
rpm -Fvh cyrus-imapd-2.0.12-69.i386.rpm

SuSE-7.2
--------
rpm -Fvh cyrus-imapd-2.0.16-362.i386.rpm

SuSE-7.3, 8.0
--------------
rpm -Fvh cyrus-imapd-2.0.16-361.i386.rpm

SuSE-8.1
--------
rpm -Fvh cyrus-imapd-2.1.9-41.i586.rpm cyrus-sasl2-2.1.7-52.i586.rpm

Debian 2.2 (potato)
-------------------
upgrade to cyrus-admin_1.5.19-2.2_i386.deb,
           cyrus-common_1.5.19-2.2_i386.deb,
           cyrus-dev_1.5.19-2.2_i386.deb,
           cyrus-imapd_1.5.19-2.2_i386.deb,
           cyrus-nntp_1.5.19-2.2_i386.deb,
           cyrus-pop3d_1.5.19-2.2_i386.deb

Debian 3.0 (woody)
------------------
upgrade to cyrus-admin_1.5.19-9.1_i386.deb,
           cyrus-common_1.5.19-9.1_i386.deb,
           cyrus-dev_1.5.19-9.1_i386.deb,
           cyrus-imapd_1.5.19-9.1_i386.deb,
           cyrus-nntp_1.5.19-9.1_i386.deb,
           cyrus-pop3d_1.5.19-9.1_i386.deb
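
Checking hosts against this advisory
------------------------------------
The fixed distribution packages listed above carry version numbers below
2.1.11, so a check that only compares against the upstream fix version
reports patched hosts as vulnerable. The script below is an added example,
not part of the original advisory: it compares an installed version-release
string against the per-distribution fixed versions from the list above. The
function names, the distribution keys and the "upstream" key are
assumptions made for this example.

```shell
#!/bin/sh
# Fixed version-release per distribution, copied from the advisory.
# The keys (suse-7.1, debian-3.0, upstream, ...) are labels made up here.
fixed_version() {
    case "$1" in
        suse-7.1)          echo "2.0.12-69" ;;
        suse-7.2)          echo "2.0.16-362" ;;
        suse-7.3|suse-8.0) echo "2.0.16-361" ;;
        suse-8.1)          echo "2.1.9-41" ;;
        debian-2.2)        echo "1.5.19-2.2" ;;
        debian-3.0)        echo "1.5.19-9.1" ;;
        upstream)          echo "2.1.11" ;;
        *)                 return 1 ;;
    esac
}

# version_ge A B: succeeds when A >= B, comparing the dot- and
# dash-separated fields numerically from left to right.
# Assumption: every field is a plain integer, as in the strings above;
# this is not a full rpm or dpkg version comparison.
version_ge() {
    a=$(echo "$1" | sed 's/[.-]/ /g')
    b=$(echo "$2" | sed 's/[.-]/ /g')
    set -- $a
    for y in $b; do
        x=${1:-0}                     # a missing field counts as 0
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        if [ $# -gt 0 ]; then shift; fi
    done
    return 0
}

# check_host DISTRO INSTALLED: prints PATCHED, VULNERABLE or UNKNOWN.
# INSTALLED is the package's version-release, for example from
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' cyrus-imapd
check_host() {
    fixed=$(fixed_version "$1") || { echo "UNKNOWN"; return 2; }
    if version_ge "$2" "$fixed"; then
        echo "PATCHED"
    else
        echo "VULNERABLE"
    fi
}
```

On Debian hosts, dpkg --compare-versions gives the authoritative ordering
and can replace version_ge.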