Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] [USN-87-1] Cyrus IMAP server vulnerability

from [Martin Pitt] Network Security [Permanent Link]
Subject: [Full-Disclosure] [USN-87-1] Cyrus IMAP server vulnerability
Date: Mon, 28 Feb 2005 13:16:37 +0100 
===========================================================
Ubuntu Security Notice USN-87-1           February 28, 2005
cyrus21-imapd vulnerability
CAN-2005-0546
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

cyrus21-imapd

The problem can be corrected by upgrading the affected package to
version 2.1.16-6ubuntu0.3.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Sean Larsson discovered a buffer overflow in the IMAP "annotate"
extension. This possibly allowed an authenticated IMAP client to
execute arbitrary code with the privileges of the Cyrus IMAP server.

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-imapd_2.1.16-6ubuntu0.3.diff.gz
      Size/MD5:   236064 389812cf102f362acbdd8427d42a3fcc
    
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-imapd_2.1.16-6ubuntu0.3.dsc
      Size/MD5:     1040 7b56583400526281be8452c3c9ce24df
    
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-imapd_2.1.16.orig.tar.gz
      Size/MD5:  1687454 8f4ff803a910d0f4e4cfab3b13a6080d

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-admin_2.1.16-6ubuntu0.3_all.deb
      Size/MD5:    87974 ea896023fb72b192e5b84d97e1c9f612
    
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-doc_2.1.16-6ubuntu0.3_all.deb
      Size/MD5:   206610 6c655f7135379dc53f7a12f648717af3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-clients_2.1.16-6ubuntu0.3_amd64.deb
      Size/MD5:   107060 35173577eee7aa4e58d081ae17423949
    
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-common_2.1.16-6ubuntu0.3_amd64.deb
      Size/MD5:  2071564 a6704031b0a84ab7f7561a2133f91cb4
    
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-dev_2.1.16-6ubuntu0.3_amd64.deb
      Size/MD5:   267960 c406a6936d0442da7ac366601a5bd396
    
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-imapd_2.1.16-6ubuntu0.3_amd64.deb
      Size/MD5:   591192 182d1004c78315bf4487021723151a28
    
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-murder_2.1.16-6ubuntu0.3_amd64.deb
      Size/MD5:   526746 3c68af3b07ec57a0ae52b87064c8df63
    
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-pop3d_2.1.16-6ubuntu0.3_amd64.deb
      Size/MD5:    93078 970dc32aeb86f6cdf9f0d385269122ae
    
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/libcyrus-imap-perl21_2.1.16-6ubuntu0.3_amd64.deb
      Size/MD5:   137768 2642bf39e391884bcde4712eb9191b94

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-clients_2.1.16-6ubuntu0.3_i386.deb
      Size/MD5:   104238 c9a63b935d093726a3f2a816c3982d1f
    
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-common_2.1.16-6ubuntu0.3_i386.deb
      Size/MD5:  1949418 6fcee0507a1bfa3291fbf617da7ac626
    
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-dev_2.1.16-6ubuntu0.3_i386.deb
      Size/MD5:   261406 70d285879999adaf211ccaa36dbb7ab2
    
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-imapd_2.1.16-6ubuntu0.3_i386.deb
      Size/MD5:   561746 aec4f8aebecd6ce20f84456926a2dbe6
    
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-murder_2.1.16-6ubuntu0.3_i386.deb
      Size/MD5:   493322 35ad3b8ad6f3a8d010187758a72aab54
    
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-pop3d_2.1.16-6ubuntu0.3_i386.deb
      Size/MD5:    85204 8bb2c9dc9ab196ccd42a67ee5049ae60
    
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/libcyrus-imap-perl21_2.1.16-6ubuntu0.3_i386.deb
      Size/MD5:   133844 15277d0438a3966ff1f091cc2f89f6f2

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-clients_2.1.16-6ubuntu0.3_powerpc.deb
      Size/MD5:   106852 d464f8d95c19f2b6e2ab799756ce7253
    
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-common_2.1.16-6ubuntu0.3_powerpc.deb
      Size/MD5:  2083580 9605c7608e077530ceb7ad39e3aa6e1b
    
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-dev_2.1.16-6ubuntu0.3_powerpc.deb
      Size/MD5:   265422 0b3be1bfb756b3f6a81ce253c5564ffa
    
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-imapd_2.1.16-6ubuntu0.3_powerpc.deb
      Size/MD5:   593502 82b7ea2f28f9aec84334a13c9fdfd742
    
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-murder_2.1.16-6ubuntu0.3_powerpc.deb
      Size/MD5:   527656 cf5477019633341b42047261b18f01f2
    
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-pop3d_2.1.16-6ubuntu0.3_powerpc.deb
      Size/MD5:    93268 3589f4386b12fc4c6cec1676713a556a
    
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/libcyrus-imap-perl21_2.1.16-6ubuntu0.3_powerpc.deb
      Size/MD5:   135818 5a148e9feaa9c0d45cb16e333e32c8aa

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-Disclosure] [USN-87-1] Cyrus IMAP server vulnerability, Martin Pitt <=
Previous by Date:  [Full-Disclosure] [USN-86-1] cURL vulnerability, Martin Pitt
Next by Date:  [Full-Disclosure] [USN-88-1] reportbug information disclosure, Martin Pitt
Previous by Thread:  [Full-Disclosure] [USN-86-1] cURL vulnerability, Martin Pitt
Next by Thread:  [Full-Disclosure] [USN-88-1] reportbug information disclosure, Martin Pitt
Indexes:  [Date] [Thread] [Top] [All Lists]