Debian GNU/Linux: 202205-8 High Risk: nmap Local Privilege Escalation

Arch Linux Security Advisory ASA-202112-5
========================================
Severity: Medium
Date    : 2021-12-03
CVE-ID  : CVE-2021-3657 CVE-2021-44143
Package : isync
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2579

Summary
======
The package isync before version 1.4.4-1 is vulnerable to arbitrary
code execution.

Resolution
=========
Upgrade to 1.4.4-1.

# pacman -Syu "isync>=1.4.4-1"

The problems have been fixed upstream in version 1.4.4.

Workaround
=========
None.

Description
==========
- CVE-2021-3657 (arbitrary code execution)

A security issue was found in mbsync in isync versions before 1.4.4.
Due to inadequate handling of extremely large (>=2GiB) IMAP literals,
malicious or compromised IMAP servers, and hypothetically even external
email senders, could cause several different buffer overflows, which
could conceivably be exploited for remote code execution.

- CVE-2021-44143 (arbitrary code execution)

A security issue was found in mbsync in isync 1.4.0 before version
1.4.4. Due to an unchecked condition, a malicious or compromised IMAP
server could use a crafted mail message that lacks headers (i.e., one
that starts with an empty line) to provoke a heap overflow, which could
conceivably be exploited for remote code execution.

Impact
=====
A remote attacker could execute arbitrary code on the mbsync client
through crafted email messages.

References
=========
https://www.openwall.com/lists/oss-security/2021/12/03/1
https://www.openwall.com/lists/oss-security/2021/12/03/1/1




https://www.openwall.com/lists/oss-security/2021/12/03/2
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804
https://www.openwall.com/lists/oss-security/2021/12/03/2/1

https://security.archlinux.org/CVE-2021-3657
https://security.archlinux.org/CVE-2021-44143