-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera International, Inc. Security Advisory Subject: Linux: imapd buffer overflow when fetching partial mailbox attributes Advisory number: CSSA-2002-021.0 Issue date: 2002 May 15 Cross reference: ______________________________________________________________________________ 1. Problem Description A malicious user may construct a malformed request that will cause a buffer overflow, allowing the user to run code on the server with the uid and gid of the e-mail owner. 2. Vulnerable Supported Versions System Package ---------------------------------------------------------------------- OpenLinux 3.1.1 Server prior to imap-2000-14.i386.rpm prior to imap-devel-2000-14.i386.rpm OpenLinux 3.1.1 Workstation prior to imap-2000-14.i386.rpm prior to imap-devel-2000-14.i386.rpm OpenLinux 3.1 Server prior to imap-2000-14.i386.rpm prior to imap-devel-2000-14.i386.rpm OpenLinux 3.1 Workstation prior to imap-2000-14.i386.rpm prior to imap-devel-2000-14.i386.rpm 3. Solution The proper solution is to install the latest packages. 4. OpenLinux 3.1.1 Server 4.1 Package Location ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS 4.2 Packages 3d4c39ed407a122f963f9f508f908c92 imap-2000-14.i386.rpm 5c49edd5001471188ed6da5a20413f42 imap-devel-2000-14.i386.rpm 4.3 Installation rpm -Fvh imap-2000-14.i386.rpm rpm -Fvh imap-devel-2000-14.i386.rpm 4.4 Source Package Location ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS 4.5 Source Packages 7aca0b5e4236dac8b9bbce8879d84bd8 imap-2000-14.src.rpm 5. OpenLinux 3.1.1 Workstation 5.1 Package Location ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS 5.2 Packages d38decbc4fd541389f150a801dbd6024 imap-2000-14.i386.rpm 4833a72e3afde52d6f88fefdf2ac6fb4 imap-devel-2000-14.i386.rpm 5.3 Installation rpm -Fvh imap-2000-14.i386.rpm rpm -Fvh imap-devel-2000-14.i386.rpm 5.4 Source Package Location ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS 5.5 Source Packages 0dc9c6f44c0a233ff31efc296159a812 imap-2000-14.src.rpm 6. OpenLinux 3.1 Server 6.1 Package Location ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS 6.2 Packages cbe5748e7adea78a897b2b530a4f6885 imap-2000-14.i386.rpm 763992a12de3ac0bdf53ea03c92b0c79 imap-devel-2000-14.i386.rpm 6.3 Installation rpm -Fvh imap-2000-14.i386.rpm rpm -Fvh imap-devel-2000-14.i386.rpm 6.4 Source Package Location ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS 6.5 Source Packages decd197cfdce836c921560097573e9b3 imap-2000-14.src.rpm 7. OpenLinux 3.1 Workstation 7.1 Package Location ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS 7.2 Packages 863d0908cf6a00488bd705bfe16e4d4c imap-2000-14.i386.rpm a2db300f0a06d9be119c39a40fb4f368 imap-devel-2000-14.i386.rpm 7.3 Installation rpm -Fvh imap-2000-14.i386.rpm rpm -Fvh imap-devel-2000-14.i386.rpm 7.4 Source Package Location ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS 7.5 Source Packages 2ea45d3516faaaae52a2f8053deaf30c imap-2000-14.src.rpm 8. References Specific references for this advisory: none Caldera OpenLinux security resources: http://www.caldera.com/support/security/index.html Caldera UNIX security resources: http://stage.caldera.com/support/security/ This security fix closes Caldera incidents sr864139, fz520938 and erg712042. 9. Disclaimer Caldera International, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera products. 10. Acknowledgements Marcell Fodor (m.fodor@mail.datanet.hu) discovered and reported this vulnerability. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjzitVoACgkQbluZssSXDTFodgCgzfIO/LSKwvoJ0d4KWHanInAE 3qEAnR4EgdqecKTXMKVf0+cDRa7WirBb =2veF -----END PGP SIGNATURE-----