CVE-2003-0297
CVSS7.5
发布时间 :2003-06-16 00:00:00
修订时间 :2016-10-17 22:32:01
NMCOS    

[原文]c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors.


[CNNVD]多家厂商IMAP客户端邮箱大小内存破坏漏洞(CNNVD-200306-064)

        
        多数EMAIL客户端支持IMAP协议。
        多数EMAIL客户端在通过IMAP协议处理邮箱大小值时存在问题,远程攻击者可以利用这个漏洞对客户端进行拒绝服务攻击,或通过特殊值破坏内存,可能以用户进程权限在系统上执行任意指令。
        问题在处理大的邮箱大小时会发生内存破坏,许多IMAP客户端执行malloc(messages_count * sizeof(struct message))操作,并把数据读取到内存中,由于没有检查邮箱大小,如果恶意IMAP服务器提供超长的邮箱大小值,会破坏堆栈中信息。可能以用户进程权限在系统上执行任意指令,不过没有得到确认证实。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:university_of_washington:c-client
cpe:/a:university_of_washington:imap-2002b
cpe:/a:university_of_washington:pine:4.53

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0297
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0297
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200306-064
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=105294024124163&w=2
(UNKNOWN)  BUGTRAQ  20030514 Buffer overflows in multiple IMAP clients
http://www.redhat.com/support/errata/RHSA-2005-015.html
(UNKNOWN)  REDHAT  RHSA-2005:015
http://www.redhat.com/support/errata/RHSA-2005-114.html
(UNKNOWN)  REDHAT  RHSA-2005:114
http://www.securityfocus.com/archive/1/archive/1/430302/100/0/threaded
(UNKNOWN)  FEDORA  FLSA:184074

- 漏洞信息

多家厂商IMAP客户端邮箱大小内存破坏漏洞
高危 边界条件错误
2003-06-16 00:00:00 2005-10-20 00:00:00
远程  
        
        多数EMAIL客户端支持IMAP协议。
        多数EMAIL客户端在通过IMAP协议处理邮箱大小值时存在问题,远程攻击者可以利用这个漏洞对客户端进行拒绝服务攻击,或通过特殊值破坏内存,可能以用户进程权限在系统上执行任意指令。
        问题在处理大的邮箱大小时会发生内存破坏,许多IMAP客户端执行malloc(messages_count * sizeof(struct message))操作,并把数据读取到内存中,由于没有检查邮箱大小,如果恶意IMAP服务器提供超长的邮箱大小值,会破坏堆栈中信息。可能以用户进程权限在系统上执行任意指令,不过没有得到确认证实。
        

- 公告与补丁

        厂商补丁:
        University of Washington
        ------------------------
        University of Washington imap-2002c不存在此漏洞,请到厂商的主页下载:
        
        http://www.washington.edu/

- 漏洞信息

11766
c-client IMAP Client Mailbox Size Overflow
Input Manipulation
Loss of Integrity

- 漏洞描述

Unknown or Incomplete

- 时间线

2003-05-14 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Multiple IMAP Client Integer Overflow Vulnerabilities
Boundary Condition Error 7603
Yes No
2003-05-14 12:00:00 2009-07-11 10:06:00
Discovery is credited to Timo Sirainen <tss@iki.fi>.

- 受影响的程序版本

Ximian Evolution 1.2.4
University of Washington Pine 4.53
University of Washington imap 2002b
Sylpheed Sylpheed 0.8.11
RedHat Linux 9.0 i386
RedHat Linux 7.3 i686
RedHat Linux 7.3 i386
RedHat Linux 7.3
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 2.1
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 2.1
Qualcomm Eudora 5.2.1
Mozilla Browser 1.4 a
Mozilla Browser 1.3
Microsoft Outlook Express 6.0
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Itanium SP2
+ Microsoft Windows Server 2003 Itanium SP2
+ Microsoft Windows Server 2003 Itanium SP1
+ Microsoft Windows Server 2003 Itanium SP1
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Standard x64 Edition
+ Microsoft Windows Server 2003 Standard x64 Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows Server 2003 x64 SP2
+ Microsoft Windows Server 2003 x64 SP2
+ Microsoft Windows XP 64-bit Edition
+ Microsoft Windows XP 64-bit Edition
+ Microsoft Windows XP Home
+ Microsoft Windows XP Home
+ Microsoft Windows XP Home
+ Microsoft Windows XP Media Center Edition SP2
+ Microsoft Windows XP Media Center Edition SP2
+ Microsoft Windows XP Media Center Edition
+ Microsoft Windows XP Media Center Edition
+ Microsoft Windows XP Media Center Edition
+ Microsoft Windows XP Professional
+ Microsoft Windows XP Professional
+ Microsoft Windows XP Professional
+ Microsoft Windows XP Professional x64 Edition SP2
+ Microsoft Windows XP Professional x64 Edition SP2
+ Microsoft Windows XP Tablet PC Edition SP2
+ Microsoft Windows XP Tablet PC Edition SP2
+ Microsoft Windows XP Tablet PC Edition
+ Microsoft Windows XP Tablet PC Edition
Avaya Integrated Management
Avaya CVLAN
Ximian Evolution 1.3.2 (beta)
University of Washington imap 2002c
Mozilla Browser 1.4 b
Mozilla Browser 1.3.1

- 不受影响的程序版本

Ximian Evolution 1.3.2 (beta)
University of Washington imap 2002c
Mozilla Browser 1.4 b
Mozilla Browser 1.3.1

- 漏洞讨论

Multiple IMAP Clients have been reported vulnerable to unspecified integer-overflow vulnerabilities.

The affected IMAP clients reportedly fail to ensure that proper boundary checks are performed on literal size values supplied by a malicious IMAP server. This may result in the manifestation of several variations of integer-overflow vulnerabilities when 'malloc()' tries to allocate memory.

This BID is a multiple vendor alert. Each affected implementation will be given a separate BID with vendor-specific details when further analysis of these issues is complete; this BID will then be retired.

- 漏洞利用


Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

- 解决方案


Reportedly, this issue has been addressed in University of Washington imap-2002c, Ximian Evolution 1.3.2 (beta), and Mozilla 1.3.1 and 1.4b. Please contact the appropriate vendor to obtain an upgraded version.

Please see the referenced advisories for further information.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站