CVE-2004-0224
CVSS 7.5
Published: 2004-04-15 00:00:00
Revised: 2008-09-05 16:37:51

[Original] Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."


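[CNNVD] Courier Multiple Remote Buffer Overflow Vulnerabilities (CNNVD-200404-045)

Courier is an integrated service suite providing ESMTP, IMAP, POP3 and webmail.
Courier MTA, Courier SqWebMail and Courier-IMAP contain multiple buffer overflows. A remote attacker can exploit them to execute arbitrary commands on the system with the privileges of the service process.
The issues are in the 'ISO2022JP' converter in 'iso2022jp.c' and the 'SHIFT_JIS' converter in 'shiftjis.c'. An attacker exploits them by supplying Unicode characters outside the BMP (Basic Multilingual Plane) range.
These issues affect Courier MTA 0.44.2 and earlier, Courier-IMAP 2.2.1 and earlier, and Courier SqWebMail 3.6.2 and earlier.
Detailed vulnerability information is not currently available.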
        

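- CVSS (base score)

CVSS score: 7.5 [HIGH]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]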

- CPE (affected platforms and products)

cpe:/o:gentoo:linux:1.4:rc1 (Gentoo Linux 1.4 rc1)
cpe:/a:inter7:courier-imap:2.1.1
cpe:/a:double_precision_incorporated:sqwebmail:3.6.2
cpe:/a:double_precision_incorporated:courier_mta:0.43
cpe:/o:gentoo:linux:1.4:rc2 (Gentoo Linux 1.4 rc2)
cpe:/a:inter7:courier-imap:2.2.0
cpe:/a:inter7:courier-imap:2.0.0
cpe:/a:double_precision_incorporated:sqwebmail:3.6.1
cpe:/a:double_precision_incorporated:sqwebmail:3.6_.0
cpe:/a:inter7:courier-imap:1.6
cpe:/a:inter7:courier-imap:2.1.2
cpe:/o:gentoo:linux:1.4:rc3 (Gentoo Linux 1.4 rc3)
cpe:/a:double_precision_incorporated:sqwebmail:3.5.2
cpe:/a:inter7:courier-imap:2.1
cpe:/a:inter7:courier-imap:2.2.1
cpe:/a:double_precision_incorporated:courier_mta:0.43.1
cpe:/a:double_precision_incorporated:courier_mta:0.43.2
cpe:/a:double_precision_incorporated:courier_mta:0.44.2
cpe:/o:gentoo:linux:1.4 (Gentoo Linux 1.4)
cpe:/a:inter7:courier-imap:1.7
cpe:/a:double_precision_incorporated:courier_mta:0.44
cpe:/a:double_precision_incorporated:sqwebmail:3.5.3

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0224
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0224
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200404-045
(Official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/9845
(VENDOR_ADVISORY)  BID  9845
http://secunia.com/advisories/11087/
(VENDOR_ADVISORY)  SECUNIA  11087
http://sourceforge.net/project/shownotes.php?release_id=5767
(VENDOR_ADVISORY)  CONFIRM  http://sourceforge.net/project/shownotes.php?release_id=5767
http://xforce.iss.net/xforce/xfdb/15434
(UNKNOWN)  XF  courier-codeset-converter-bo(15434)

- Vulnerability information

Courier Multiple Remote Buffer Overflow Vulnerabilities
High risk  Boundary condition error
2004-04-15 00:00:00 2005-10-20 00:00:00
Remote
        
        

- Advisories and patches

        Vendor patches:
        Double Precision Incorporated
        -----------------------------
        The vendor has released upgrades that fix this security issue. Download them from the vendor's home page:
        Double Precision Incorporated Upgrade courier-0.45.1.tar.bz2
        
        http://www.courier-mta.org/download.php

        Double Precision Incorporated Upgrade sqwebmail-4.0.1.tar.bz2
        
        http://www.courier-mta.org/download.php

        Inter7 Upgrade courier-imap-3.0.1.tar.bz2
        
        http://www.courier-mta.org/download.php

- Vulnerability information

4194
Courier Japanese Codeset iso2022jp.c Conversion Overflow
Input Manipulation
Loss of Integrity

- Vulnerability description

Unknown or Incomplete

- Timeline

2004-03-11 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability credit

Unknown or Incomplete

- Vulnerability information

Courier Multiple Remote Buffer Overflow Vulnerabilities
Boundary Condition Error 9845
Yes No
2004-03-11 12:00:00 2009-07-12 03:06:00
These issues were disclosed by the vendor.

- Affected program versions

Inter7 Courier-IMAP 2.2.1
Inter7 Courier-IMAP 2.2.0
Inter7 Courier-IMAP 2.1.2
Inter7 Courier-IMAP 2.1.1
Inter7 Courier-IMAP 2.1
Inter7 Courier-IMAP 2.0.0
Inter7 Courier-IMAP 1.7
Inter7 Courier-IMAP 1.6
Gentoo Linux 1.4 _rc3
Gentoo Linux 1.4 _rc2
Gentoo Linux 1.4 _rc1
Gentoo Linux 1.4
Double Precision Incorporated SqWebMail 3.6.2
Double Precision Incorporated SqWebMail 3.6.1
Double Precision Incorporated SqWebMail 3.6.0
Double Precision Incorporated SqWebMail 3.5.3
Double Precision Incorporated SqWebMail 3.5.2
Double Precision Incorporated Courier MTA 0.44.2
Double Precision Incorporated Courier MTA 0.44
Double Precision Incorporated Courier MTA 0.43.2
Double Precision Incorporated Courier MTA 0.43.1
Double Precision Incorporated Courier MTA 0.43
Double Precision Incorporated Courier MTA 0.42.2
Double Precision Incorporated Courier MTA 0.40.1
Double Precision Incorporated Courier MTA 0.40
Double Precision Incorporated Courier MTA 0.38.1
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
- IBM AIX 4.3.3
- IBM AIX 4.3.2
- IBM AIX 4.3.1
- IBM AIX 4.3
- IBM AIX 5.1
- Mandriva Linux Mandrake 8.2
- Mandriva Linux Mandrake 8.1 ia64
- Mandriva Linux Mandrake 8.1
- Mandriva Linux Mandrake 8.0 ppc
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 7.2
- NetBSD NetBSD 1.5.2
- NetBSD NetBSD 1.5.1
- NetBSD NetBSD 1.5
- OpenBSD OpenBSD 2.9
- OpenBSD OpenBSD 2.8
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.6
- OpenBSD OpenBSD 3.1
- OpenBSD OpenBSD 3.0
- RedHat Linux 7.3 i386
- RedHat Linux 7.2 ia64
- RedHat Linux 7.2 i386
- RedHat Linux 7.1 ia64
- RedHat Linux 7.1 i386
- RedHat Linux 7.1 alpha
- RedHat Linux 7.0 sparc
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 alpha
- S.u.S.E. Linux 8.0 i386
- S.u.S.E. Linux 7.3 sparc
- S.u.S.E. Linux 7.3 ppc
- S.u.S.E. Linux 7.3 i386
- S.u.S.E. Linux 7.2 i386
- S.u.S.E. Linux 7.1 x86
- S.u.S.E. Linux 7.1 sparc
- S.u.S.E. Linux 7.1 ppc
- S.u.S.E. Linux 7.1 alpha
- S.u.S.E. Linux 7.0 sparc
- S.u.S.E. Linux 7.0 ppc
- S.u.S.E. Linux 7.0 i386
- S.u.S.E. Linux 7.0 alpha
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
- Sun Solaris 2.6_x86
- Sun Solaris 2.6
Double Precision Incorporated Courier MTA 0.37.3
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha

- Unaffected program versions

Inter7 Courier-IMAP 3.0.1
Inter7 Courier-IMAP 3.0.0
Double Precision Incorporated SqWebMail 4.0.1
Double Precision Incorporated SqWebMail 4.0.0
Double Precision Incorporated Courier MTA 0.45.1
Double Precision Incorporated Courier MTA 0.45

- Vulnerability discussion

Multiple buffer overflow vulnerabilities have been identified in Courier MTA, Courier SqWebMail, and Courier-IMAP. These vulnerabilities may allow a remote attacker to execute arbitrary code on a vulnerable system in order to gain unauthorized access.

The issues exist in the 'SHIFT_JIS' converter in 'shiftjis.c' and the 'ISO2022JP' converter in 'iso2022jp.c'. An attacker may be able to exploit these issues by supplying Unicode characters that exceed the BMP (Basic Multilingual Plane) range.

These issues have been reported to affect Courier MTA 0.44.2 and prior, Courier-IMAP 2.2.1 and prior, and Courier SqWebMail 3.6.2 and prior. It has also been reported that the vulnerable codeset mappings may be employed by the Courier IMAP and Webmail service; however, they are not enabled by default.

These issues are being further analyzed and this BID will be updated once analysis is complete.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

The vendor has released Courier MTA 0.45, Courier-IMAP 3.0.0, and SqWebMail 4.0.0 to address these issues.

Gentoo have released an advisory (GLSA 200403-06) and updates to address this issue. Gentoo users are advised to upgrade to current packages by emerging the updated packages as follows:
# emerge sync

And depending on your installation:
# emerge -pv ">=net-mail/courier-imap-3.0.0"
# emerge ">=net-mail/courier-imap-3.0.0"

Or:
# emerge -pv ">=net-mail/courier-0.45"
# emerge ">=net-mail/courier-0.45"
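
A version triage for the fix levels named above, as an added example (not part of the original advisory or the Courier project): it classifies a package inventory against the first fixed releases Courier 0.45, Courier-IMAP 3.0.0 and SqWebMail 4.0.0. The inventory lines, host names, the `courier-mta` alias and all function names are constructed for illustration.

```python
import re

# First fixed release of each product, taken from the advisory text above.
FIRST_FIXED = {
    "courier": (0, 45),
    "courier-imap": (3, 0, 0),
    "sqwebmail": (4, 0, 0),
}
# Name variant assumed for package inventories; extend as needed.
ALIASES = {"courier-mta": "courier"}

# Constructed sample inventory: "host product version" per line.
SAMPLE = """
mx1   courier       0.44.2
mx2   courier-mta   0.45.1
imap1 courier-imap  2.2.1
imap2 courier-imap  3.0.0-r1
web1  sqwebmail     3.6.2
web2  sqwebmail     4.0
web3  sqwebmail     unknown-build
"""

def parse_version(text):
    """Return '2.2.1' or '3.0.0-r1' as a tuple of ints, or None if malformed."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:[-_].*)?", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def status(product, version):
    """Classify one installed package as 'affected', 'fixed' or 'unknown'."""
    name = product.strip().lower()
    fixed = FIRST_FIXED.get(ALIASES.get(name, name))
    parsed = parse_version(version)
    if fixed is None or parsed is None:
        return "unknown"  # never report an unparsed version as safe
    # Pad to equal length so that 4.0 compares equal to 4.0.0.
    width = max(len(fixed), len(parsed))
    parsed += (0,) * (width - len(parsed))
    fixed += (0,) * (width - len(fixed))
    return "affected" if parsed < fixed else "fixed"

def triage(inventory):
    """Return (host, product, version, status) for every entry not known fixed."""
    rows = (line.split() for line in inventory.strip().splitlines())
    checked = ((h, p, v, status(p, v)) for h, p, v in rows)
    return [row for row in checked if row[3] != "fixed"]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print("%-6s %-13s %-14s %s" % row)
```

Distribution packages that backport a fix without changing the upstream version number will show as affected here, so confirm those against the distributor's advisory.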



- Related references

 

 
