- --------------------------------------------------------------------------
Debian Security Advisory DSA 215-1                     security@debian.org
Debian -- Security Information                              Martin Schulze
December 23th, 2002                          Debian -- Debian security FAQ
- --------------------------------------------------------------------------

Package        : cyrus-imapd
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE Id         : CAN-2002-0379
CERT Advisory  : VU#740169
BugTraq Id     : 6298

Timo Sirainen discovered a buffer overflow in the Cyrus IMAP server,
which could be exploited by a remote attacker prior to logging in. A
malicious user could craft a request to run commands on the server under
the UID and GID of the cyrus server.

For the current stable distribution (woody) this problem has been
fixed in version 1.5.19-9.1.

For the old stable distribution (potato) this problem has been fixed
in version 1.5.19-2.2.

For the current unstable distribution (sid) this problem has been
fixed in version 1.5.19-9.10. The cyrus21-imapd packages are not
vulnerable.

We recommend that you upgrade your cyrus-imapd package.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

These files will probably be moved into the stable distribution on its
next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb Debian -- Security Information stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show' and http://packages.debian.org/