-----BEGIN PGP SIGNED MESSAGE-----

Subject: Caldera Security Advisory SA-1998.14: Buffer overflows in
imapd

Topic: Buffer overflows in imapd
Advisory issue date: 24-July-1998


I. Problem Description

	The imap package has a variety of buffer overflow bugs. 
	
	One of them allows remote users to acquire root privilege.
	Exploits for this problem are already available on the
	internet.

	The other buffer overflows can only be triggered by users
	having an account on the server machine, and can not be used
	to acquire privileges, except on machines where there's an
	anonymous imap account.


II. Impact

Description:

Vulnerable Systems:

	OpenLinux 1.0, 1.1, & 1.2 systems using imapd packages prior
	to imap-4.1.BETA-5.
	

III. Solution

Workaround:
	Do not use the IMAP services; remove the imap package.

Correction:

        The proper solution is to Upgrade to the xxx packages. 
	Note that not all the bugs are fixed in this package and there
	will be another release when those bugs are fixed.

	imap-4.1-BETA-5 fixes the remote root problem.  As soon as
	imap-4.2 becomes available, which is supposed to address the
	other buffer overflows, we will release another update for
	imap. 

	They can be found on Caldera's FTP site at:
	ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/010/RPMS

        The corresponding source code can be found at:
	ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/010/SRPMS

	The MD5 checksums (from the "md5sum" command) for these
	packages are:

	6df741b4217f03bf773b54509a7d283a  RPMS/imap-4.1.BETA-5.i386.rpm
	d3526121c68b611524fc72746204d752  SRPMS/imap-4.1.BETA-5.src.rpm

        Upgrade with the following commands:

	rpm -q imap && rpm -U imap-4.1.BETA-5.i386.rpm


IV. References

        This and other Caldera security resources are located at:
	http://www.caldera.com/news/security/index.html

        Additional documentation on this problem can be found in:

	Message-ID: <19980619140902.14508@ns.lst.de>
	Date: Fri, 19 Jun 1998 14:09:02 +0200
	From: Olaf Kirch <okir@lst.de>
	To: vendor-sec@lst.de
	Subject: [vendor-sec] Boring BOFs (Buffer OverFlows)


        This security fix relates to Caldera's internal Problem Report
	4026.


V. PGP Signature

	This message was signed with the PGP key for security@caldera.com.

	This key can be obtained from:
		ftp://ftp.caldera.com/pub/pgp-keys/

	Or on an OpenLinux CDROM under:
		/OpenLinux/pgp-keys/

	$Id: SA-1998.14.txt,v 1.3 1998/07/24 13:01:09 rf Exp $


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBNbiFlen+9R4958LpAQFCNQP9E2OXqfDuAgnzP+kV5hbvrYYVrlxp5ld4
2F/lQDpkC9dCzXghpkXt7pRP8Eb8Vxs1Rxzf/0uH8A+LasEu9hFORvy6OaxZmCiT
Z532bkvvuYBfw099ifr/sRuXGC9a3+/58/EbCCd+gqNdzPHwnphYvLd5t+d5zK72
ziIjWxvAeyY=
=6oMF
-----END PGP SIGNATURE-----