CVE-2004-1011
CVSS10.0
发布时间 :2005-01-10 00:00:00
修订时间 :2016-10-17 22:50:39
NMCOPS    

[原文]Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.


[CNNVD]CyrusIMAPServer imapmagicplus 栈溢出漏洞 (CNNVD-200501-121)

        Cyrus IMAPD是一款开源的IMAP协议实现软件。
        Cyrus IMAP Server 2.2.4及之前版本中存在堆栈溢出漏洞。
        当启用imapmagicplus选项时,远程攻击者可通过超长的PROXY或LOGIN命令,触发溢出,从而执行任意代码。

- CVSS (基础分值)

CVSS分值: 10 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/o:conectiva:linux:10.0Conectiva Linux 10.0
cpe:/o:conectiva:linux:9.0Conectiva Linux 9.0
cpe:/o:redhat:fedora_core:core_2.0
cpe:/o:trustix:secure_linux:2.2Trustix Secure Linux 2.2
cpe:/a:openpkg:openpkg:current
cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.2_beta
cpe:/o:trustix:secure_linux:2.1Trustix Secure Linux 2.1
cpe:/o:ubuntu:ubuntu_linux:4.1::ppc
cpe:/o:trustix:secure_linux:2.0Trustix Secure Linux 2.0
cpe:/o:redhat:fedora_core:core_3.0
cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.8
cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.0_alpha
cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.1.9
cpe:/o:ubuntu:ubuntu_linux:4.1::ia64
cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.1_beta
cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.1.16
cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.1.7
cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.3
cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.6
cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.1.10
cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.4
cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.7
cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.5

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1011
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1011
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200501-121
(官方数据源) CNNVD

- 其它链接及资源

http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143
(UNKNOWN)  MLIST  [cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released
http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
(UNKNOWN)  CONFIRM  http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
http://marc.info/?l=bugtraq&m=110123023521619&w=2
(UNKNOWN)  BUGTRAQ  20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities
http://security.e-matters.de/advisories/152004.html
(UNKNOWN)  MISC  http://security.e-matters.de/advisories/152004.html
http://security.gentoo.org/glsa/glsa-200411-34.xml
(UNKNOWN)  GENTOO  GLSA-200411-34
http://www.mandriva.com/security/advisories?name=MDKSA-2004:139
(UNKNOWN)  MANDRAKE  MDKSA-2004:139
http://xforce.iss.net/xforce/xfdb/18198
(VENDOR_ADVISORY)  XF  cyrus-imap-username-bo(18198)

- 漏洞信息

CyrusIMAPServer imapmagicplus 栈溢出漏洞
危急 缓冲区溢出
2005-01-10 00:00:00 2005-10-28 00:00:00
远程  
        Cyrus IMAPD是一款开源的IMAP协议实现软件。
        Cyrus IMAP Server 2.2.4及之前版本中存在堆栈溢出漏洞。
        当启用imapmagicplus选项时,远程攻击者可通过超长的PROXY或LOGIN命令,触发溢出,从而执行任意代码。

- 公告与补丁

        
        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        http://cyrusimap.web.cmu.edu/downloads.html

- 漏洞信息 (F36883)

unrealmagic.c (PacketStormID:F36883)
2005-03-30 00:00:00
crash-x  unl0ck.org
exploit,remote
CVE-2004-1011,CVE-2004-1012,CVE-2004-1013
[点击下载]

Cyrus IMAPd versions 2.2.4 through 2.2.8 remote exploit. Original flaw discovered by Stefan Esser.

- 漏洞信息 (F35141)

152004.txt (PacketStormID:F35141)
2004-12-11 00:00:00
Stefan Esser  security.e-matters.de
advisory,remote,vulnerability,imap,code execution
CVE-2004-1011,CVE-2004-1012,CVE-2004-1013
[点击下载]

Cyrus IMAP server versions 2.2.8 and below suffer from several vulnerabilities that allow for remote code execution.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                           e-matters GmbH
                          www.e-matters.de

                      -= Security  Advisory =-



     Advisory: Cyrus IMAP Server multiple remote vulnerabilities
 Release Date: 2004/11/22
Last Modified: 2004/11/22
       Author: Stefan Esser [s.esser@e-matters.de]

  Application: Cyrus IMAP Server <= 2.2.8
     Severity: Several vulnerabilities within Cyrus IMAP Server
               allow remote execution of arbitrary code
         Risk: Critical
Vendor Status: Vendor has released a bugfixed version.
    Reference: http://security.e-matters.de/advisories/152004.html


Overview:

   IMAP (Internet Message Access Protocol) is an Internet standards-
   track protocol for accessing messages (mail, bboards, news, etc). 
   The Cyrus IMAP server differs from other IMAP server implementations 
   in that it is generally intended to be run on sealed servers, where 
   normal users are not permitted to log in. The mailbox database is 
   stored in parts of the filesystem that are private to the Cyrus IMAP
   system. All user access to mail is through the IMAP, POP3, or KPOP 
   protocols.

   During an audit of imapd several vulnerabilities were discovered
   ranging from a standard stack overflow, over out of bounds heap
   corruptions, to a bug caused by the use of programming constructs 
   that are undefined according to the C standard.
   
   All these bugs can lead to remote execution of arbitrary code
   depending on the skills of the attacker.


Details:

   [01 - IMAPMAGICPLUS preauthentification overflow]

   Affected Versions: 2.2.4 - 2.2.8
   
   When the option imapmagicplus is activated on a server the PROXY
   and LOGIN commands suffer a standard stack overflow, because the
   username is not checked against a maximum length when it is copied
   into a temporary stack buffer. This bug is especially dangerous
   because it can be triggered before any kind of authentification
   took place.

   [02 - PARTIAL command out of bounds memory corruption]

   Affected Versions: <= 2.2.6 (because unexploitable in 2.2.7, 2.2.8)
   
   Due to a bug within the argument parser of the partial command an 
   argument like "body[p" will be wrongly detected as "body.peek".
   Because of this the bufferposition gets increased by 10 instead of 5
   and could therefore point outside the allocated memory buffer for
   the rest of the parsing process. 
   In imapd versions prior to 2.2.7 the handling of "body" or "bodypeek"
   arguments was broken so that the terminating ']' got overwritten by
   a '\0'. Combined the two problems allow a potential attacker to
   overwrite a single byte of malloc() control structures, which leads
   to remote code execution if the attacker successfully controls the
   heap layout.
																																										    
   [03 - FETCH command out of bounds memory corruption]
   
   Affected Versions: <= 2.2.8
   
   The argument parser of the fetch command suffers a bug very similiar
   to the partial command problem. Arguments like "body[p", "binary[p"
   or "binary[p" will be wrongly detected and the bufferposition can
   point outside of the allocated buffer for the rest of the parsing
   process.
   When the parser triggers the PARSE_PARTIAL macro after such a
   malformed argument was received this can lead to a similiar one byte
   memory corruption and allows remote code execution, when the heap
   layout was successfully controlled by the attacker.
   
   [04 - APPEND command uses undefined programming construct ]
   
   Affected Version: 2.2.7, 2.2.8
   
   To support MULTIAPPENDS the cmd_append handler uses the global
   stage array. This array is one of the things that gets destructed
   when the fatal() function is triggered.
   When the Cyrus IMAP code adds new entries to this array this is
   done with the help of the postfix increment operator in combination
   with memory allocation functions. The increment is performed on a
   global variable counting the number of allocated stages. Because
   the memory allocation function can fail and therefore internally
   call fatal() this construct is undefined arcording to ANSI C.
   This means that it is not clearly defined if the numstage counter
   is already increased when fatal() is called or not. While older
   gcc versions increase the counter after the memory allocation 
   function has returned, on newer gcc versions (3.x) the counter
   gets actually increased before.
   In such a case the stage destructing process will try to free an
   uninitialised and maybe attacker supplied pointer. Which again
   could lead to remote code execution. (Because it is hard for an
   attacker to let the memory allocation functions fail in the right
   moment no PoC code for this problem was designed)
      

Proof of Concept:

   e-matters is not going to release exploits for any of these
   vulnerabilities to the public.


Disclosure Timeline:

   06. November 2004 - Sent an email to the Cyrus IMAP team
   11. November 2004 - Got reply from the Cyrus developers and
                       shared the information with vendor-sec
   17. November 2004 - Cyurs IMAP team contacted vendor-sec with
                       the official patch
   22. November 2004 - Cyrus IMAP Server 2.2.9 released
   22. November 2004 - Public Disclosure


CVE Information:

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the name CAN-2004-1011 to issue 01, the name CAN-2004-1012
   to issue 02 and the name CAN-2004-1013 to issue 03.


Recommendation:

   It is strongly recommended to upgrade to the updated version of 
   Cyrus IMAP Server as soon as possible because there is no 
   workaround.


GPG-Key:

   http://security.e-matters.de/gpg_key.asc

   pub  1024D/3004C4BC 2004-05-17 e-matters GmbH - Securityteam
   Key fingerprint = 3FFB 7C86 7BE8 6981 D1DA  A71A 6F7D 572D 3004 C4BC


Copyright 2004 Stefan Esser. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFBoh47b31XLTAExLwRAvzFAKDbh+j4e7Ik8ZZLLRE2yQgl3JE9DQCg4dFk
Scr8eho+REasVTQgw7tF42E=
=1wJv
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F35117)

cryus.imap.2.2.8.txt (PacketStormID:F35117)
2004-11-24 00:00:00
Stefan Esser  security.e-matters.de
advisory,remote,vulnerability
CVE-2004-1011,CVE-2004-1012,CVE-2004-1013
[点击下载]

Cryus v2.2.8 and below contains four remote vulnerabilities, including one which is pre-authentication. Fix available here.

Release Date: 2004/11/22
   Author: [4]Stefan Esser [s.esser@ematters.de]
   Application: Cyrus IMAP Server <= 2.2.8
   Severity: Several vulnerabilities within Cyrus IMAP Server allow
   remote execution of arbitrary code
   Risk: Critical
   Reference: [5]http://security.e-matters.de/advisories/152004.html 
   Last Modified:   2004/11/22




   Overview
   IMAP (Internet Message Access Protocol) is an Internet standards-
   track protocol for accessing messages (mail, bboards, news, etc). The
   Cyrus IMAP server differs from other IMAP server implementations in
   that it is generally intended to be run on sealed servers, where
   normal users are not permitted to log in. The mailbox database is
   stored in parts of the filesystem that are private to the Cyrus IMAP
   system. All user access to mail is through the IMAP, POP3, or KPOP
   protocols.
   During an audit of imapd several vulnerabilities were discovered
   ranging from a standard stack overflow, over out of bounds heap
   corruptions, to a bug caused by the use of programming constructs that
   are undefined according to the C standard.
   All these bugs can lead to remote execution of arbitrary code
   depending on the skills of the attacker.



   Details
[01 - IMAPMAGICPLUS preauthentification overflow]

Affected Versions: 2.2.4 - 2.2.8

   When the option imapmagicplus is activated on a server the PROXY and
   LOGIN commands suffer a standard stack overflow, because the username
   is not checked against a maximum length when it is copied into a
   temporary stack buffer. This bug is especially dangerous because it
   can be triggered before any kind of authentification took place.
[02 - PARTIAL command out of bounds memory corruption]

Affected Versions: <= 2.2.6 (because unexploitable in 2.2.7, 2.2.8)

   Due to a bug within the argument parser of the partial command an
   argument like "body[p" will be wrongly detected as "body.peek".
   Because of this the bufferposition gets increased by 10 instead of 5
   and could therefore point outside the allocated memory buffer for the
   rest of the parsing process. In imapd versions prior to 2.2.7 the
   handling of "body" or "bodypeek" arguments was broken so that the
   terminating ']' got overwritten by a '\0'. Combined the two problems
   allow a potential attacker to overwrite a single byte of malloc()
   control structures, which leads to remote code execution if the
   attacker successfully controls the heap layout.
[03 - FETCH command out of bounds memory corruption]

Affected Versions: <= 2.2.8

   The argument parser of the fetch command suffers a bug very similiar
   to the partial command problem. Arguments like "body[p", "binary[p" or
   "binary[p" will be wrongly detected and the bufferposition can point
   outside of the allocated buffer for the rest of the parsing process.
   When the parser triggers the PARSE_PARTIAL macro after such a
   malformed argument was received this can lead to a similiar one byte
   memory corruption and allows remote code execution, when the heap
   layout was successfully controlled by the attacker.
[04 - APPEND command uses undefined programming construct ]

Affected Version: 2.2.7, 2.2.8

   To support MULTIAPPENDS the cmd_append handler uses the global stage
   array. This array is one of the things that gets destructed when the
   fatal() function is triggered. When the Cyrus IMAP code adds new
   entries to this array this is done with the help of the postfix
   increment operator in combination with memory allocation functions.
   The increment is performed on a global variable counting the number of
   allocated stages. Because the memory allocation function can fail and
   therefore internally call fatal() this construct is undefined
   arcording to ANSI C. This means that it is not clearly defined if the
   numstage counter is already increased when fatal() is called or not.
   While older gcc versions increase the counter after the memory
   allocation function has returned, on newer gcc versions (3.x) the
   counter gets actually increased before. In such a case the stage
   destructing process will try to free an uninitialised and maybe
   attacker supplied pointer. Which again could lead to remote code
   execution. (Because it is hard for an attacker to let the memory
   allocation functions fail in the right moment no PoC code for this
   problem was designed)



   Proof of Concept
   e-matters is not going to release exploits for any of these
   vulnerabilities to the public.



   Disclosure Timeline
   06. Nov 2004 Sent an email to the Cyrus IMAP team
   11. Nov 2004 Got reply from the Cyrus developers and shared the
   information with vendor-sec
   17. Nov 2004 Cyurs IMAP team contacted vendor-sec with the official
   patch
   22. Nov 2004 Cyrus IMAP Server 2.2.9 released
   22. Nov 2004 Public Disclosure




   CVE Information
   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the name CAN-2004-1011 to issue 01, the name CAN-2004-1012 to
   issue 02 and the name CAN-2004-1013 to issue 03.



   Recommendation
   It is strongly recommended to upgrade to the updated version of Cyrus
   IMAP Server as soon as possible because there is no workaround.



   GPG-Key
   [6][DOWNLOAD NEW GPG-KEY]
   pub 1024D/3004C4BC 2004-05-17 e-matters GmbH - Securityteam
   Key fingerprint = 3FFB 7C86 7BE8 6981 D1DA A71A 6F7D 572D 3004 C4BC



   Copyright 2004 [7]Stefan Esser. All rights reserved.
    

- 漏洞信息

12096
Cyrus IMAP Server IMAPMAGICPLUS Option Pre-Authentication Remote Overflow
Remote / Network Access Input Manipulation
Loss of Integrity

- 漏洞描述

- 时间线

2004-11-22 2004-11-06
2005-03-31 Unknow

- 解决方案

Upgrade to version 2.2.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Cyrus IMAPD Multiple Remote Vulnerabilities
Boundary Condition Error 11729
Yes No
2004-11-23 12:00:00 2009-07-12 08:06:00
Stefan Esser <s.esser@ematters.de> disclosed these vulnerabilities.

- 受影响的程序版本

Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Trustix Secure Linux 2.2
Trustix Secure Linux 2.1
Trustix Secure Linux 2.0
Trustix Secure Enterprise Linux 2.0
Red Hat Fedora Core3
Red Hat Fedora Core2
OpenPKG OpenPKG Current
Conectiva Linux 10.0
Conectiva Linux 9.0
Carnegie Mellon University Cyrus IMAP Server 2.2.8
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
Carnegie Mellon University Cyrus IMAP Server 2.2.7
Carnegie Mellon University Cyrus IMAP Server 2.2.6
Carnegie Mellon University Cyrus IMAP Server 2.2.5
Carnegie Mellon University Cyrus IMAP Server 2.2.4
Carnegie Mellon University Cyrus IMAP Server 2.2.3
Carnegie Mellon University Cyrus IMAP Server 2.2.2 BETA
Carnegie Mellon University Cyrus IMAP Server 2.2.1 BETA
Carnegie Mellon University Cyrus IMAP Server 2.2 .0 ALPHA
Carnegie Mellon University Cyrus IMAP Server 2.1.16
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Carnegie Mellon University Cyrus IMAP Server 2.1.10
Carnegie Mellon University Cyrus IMAP Server 2.1.9
+ S.u.S.E. Linux 8.1
Carnegie Mellon University Cyrus IMAP Server 2.1.7
Apple Mac OS X Server 10.3.8
Apple Mac OS X Server 10.3.7
Apple Mac OS X Server 10.3.6
Apple Mac OS X Server 10.3.5
Apple Mac OS X Server 10.3.4
Apple Mac OS X Server 10.3.3
Apple Mac OS X Server 10.3.2
Apple Mac OS X Server 10.3.1
Apple Mac OS X Server 10.3
Apple Mac OS X Server 10.2.8
Apple Mac OS X Server 10.2.7
Apple Mac OS X Server 10.2.6
Apple Mac OS X Server 10.2.5
Apple Mac OS X Server 10.2.4
Apple Mac OS X Server 10.2.3
Apple Mac OS X Server 10.2.2
Apple Mac OS X Server 10.2.1
Apple Mac OS X Server 10.2
Apple Mac OS X Server 10.1.5
Apple Mac OS X Server 10.1.4
Apple Mac OS X Server 10.1.3
Apple Mac OS X Server 10.1.2
Apple Mac OS X Server 10.1.1
Apple Mac OS X Server 10.1
Apple Mac OS X Server 10.0
Apple Mac OS X 10.3.8
Apple Mac OS X 10.3.7
Apple Mac OS X 10.3.6
Apple Mac OS X 10.3.5
Apple Mac OS X 10.3.4
Apple Mac OS X 10.3.3
Apple Mac OS X 10.3.2
Apple Mac OS X 10.3.1
Apple Mac OS X 10.3
Apple Mac OS X 10.2.8
Apple Mac OS X 10.2.7
Apple Mac OS X 10.2.6
Apple Mac OS X 10.2.5
Apple Mac OS X 10.2.4
Apple Mac OS X 10.2.3
Apple Mac OS X 10.2.2
Apple Mac OS X 10.2.1
Apple Mac OS X 10.2
Apple Mac OS X 10.1.5
Apple Mac OS X 10.1.4
Apple Mac OS X 10.1.3
Apple Mac OS X 10.1.2
Apple Mac OS X 10.1.1
Apple Mac OS X 10.1
Apple Mac OS X 10.1
Apple Mac OS X 10.0.4
Apple Mac OS X 10.0.3
Apple Mac OS X 10.0.2
Apple Mac OS X 10.0.1
Apple Mac OS X 10.0 3
Apple Mac OS X 10.0
Carnegie Mellon University Cyrus IMAP Server 2.2.10
+ Conectiva Linux 10.0
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Carnegie Mellon University Cyrus IMAP Server 2.2.9
Carnegie Mellon University Cyrus IMAP Server 2.1.17
+ Conectiva Linux 9.0

- 不受影响的程序版本

Carnegie Mellon University Cyrus IMAP Server 2.2.10
+ Conectiva Linux 10.0
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Carnegie Mellon University Cyrus IMAP Server 2.2.9
Carnegie Mellon University Cyrus IMAP Server 2.1.17
+ Conectiva Linux 9.0

- 漏洞讨论

Several remote buffer overflow and heap corruption vulnerabilities in versions of Cyrus IMAPD up to 2.2.8 have been identified.

These vulnerabilities reportedly allow remote, attacker-supplied machine code to be executed in the context of the affected server process. Cyrus-IMAPD is usually running as a non-privileged user.

- 漏洞利用

CORE has developed a working commercial exploit for their IMPACT
product. This exploit is not otherwise publicly available or known
to be circulating in the wild.

crash-x/unl0ck have released exploit code (unrealmagic.c) for the vulnerability affecting 'IMAPMAGICPLUS' support (CAN-2004-1011).

- 解决方案

Ubuntu Linux has released advisory (USN-31-1) and fixes to address this vulnerability. Please see the referenced advisory for further details in regard to obtaining and applying appropriate fixes.

Gentoo has released advisory GLSA 200411-34 to address these issues. Gentoo updates may be applied by running the following commands as the superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=net-mail/cyrus-imapd-2.2.10"

Debian has released advisory DSA 597-1 to address these issues. Please see the attached advisory for further information on obtaining and applying fixes.

Mandrake has released advisory MDKSA-2004:139 to address these issues. Please see the attached advisory for details on obtaining and applying fixes.

The vendor has released version 2.2.9 and 2.1.17 of the affected package to resolve these issues and other issues:

Trustix Linux has released advisory TSL-2004-0063 along with fixes dealing with these and other issues. Please see the referenced advisory for more information.

OpenPKG has released advisory OpenPKG-SA-2004.051 along with fixes dealing with these issues. Please see the referenced advisory for more information.

Conectiva Linux has released advisory CLA-2004:904 along with fixes dealing with this issue. Please see the referenced advisory for more information.

RedHat Fedora Linux has released advisory FEDORA-2004-487 for their Core 2 product and advisory FEDORA-2004-489 for their Core 3 product. Please see the referenced advisories for more information.

SUSE has released an advisory SUSE-SA:2004:043 to address these issues. Please see the referenced advisory for more information.

Apple has released advisory (Security Update 2005-003) to address various issues. Please see the referenced advisory for more information. An update for Mac OS X Server v10.3.8 is available.


Apple Mac OS X 10.3.8

Apple Mac OS X Server 10.3.8

Carnegie Mellon University Cyrus IMAP Server 2.1.10

Carnegie Mellon University Cyrus IMAP Server 2.1.16

Carnegie Mellon University Cyrus IMAP Server 2.1.7

Carnegie Mellon University Cyrus IMAP Server 2.1.9

Carnegie Mellon University Cyrus IMAP Server 2.2 .0 ALPHA

Carnegie Mellon University Cyrus IMAP Server 2.2.1 BETA

Carnegie Mellon University Cyrus IMAP Server 2.2.2 BETA

Carnegie Mellon University Cyrus IMAP Server 2.2.3

Carnegie Mellon University Cyrus IMAP Server 2.2.4

Carnegie Mellon University Cyrus IMAP Server 2.2.5

Carnegie Mellon University Cyrus IMAP Server 2.2.6

Carnegie Mellon University Cyrus IMAP Server 2.2.7

Carnegie Mellon University Cyrus IMAP Server 2.2.8

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站