CVE-2005-0198
CVSS7.5
发布时间 :2005-05-02 00:00:00
修订时间 :2010-08-21 00:25:38
NMCOS    

[原文]A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users.


[CNNVD]University Of Washington IMAP Server CRAM-MD5远程身份验证绕过漏洞(CNNVD-200505-445)

        University of Washington IMAP (UW-IMAP) server的CRAM-MD5代码中存在逻辑错误,在启用"口令-应答认证机制"MD5 (CRAM-MD5)的情况下,并不能针对成功的身份验证正确强制所有要求的条件,从而远程攻击者可以作为任意用户进行身份验证。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:11306Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence.
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0198
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0198
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-445
(官方数据源) CNNVD

- 其它链接及资源

http://www.kb.cert.org/vuls/id/CRDY-68QSL5
(PATCH)  CONFIRM  http://www.kb.cert.org/vuls/id/CRDY-68QSL5
http://www.kb.cert.org/vuls/id/702777
(VENDOR_ADVISORY)  CERT-VN  VU#702777
http://www.redhat.com/support/errata/RHSA-2005-128.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:128
http://www.gentoo.org/security/en/glsa/glsa-200502-02.xml
(PATCH)  GENTOO  GLSA-200502-02
http://www.securityfocus.com/bid/12391
(UNKNOWN)  BID  12391
http://www.mandriva.com/security/advisories?name=MDKSA-2005:026
(UNKNOWN)  MANDRAKE  MDKSA-2005:026
http://securitytracker.com/id?1013037
(UNKNOWN)  SECTRACK  1013037
http://secunia.com/advisories/14097
(UNKNOWN)  SECUNIA  14097
http://secunia.com/advisories/14057
(UNKNOWN)  SECUNIA  14057

- 漏洞信息

University Of Washington IMAP Server CRAM-MD5远程身份验证绕过漏洞
高危 设计错误
2005-05-02 00:00:00 2005-10-20 00:00:00
远程  
        University of Washington IMAP (UW-IMAP) server的CRAM-MD5代码中存在逻辑错误,在启用"口令-应答认证机制"MD5 (CRAM-MD5)的情况下,并不能针对成功的身份验证正确强制所有要求的条件,从而远程攻击者可以作为任意用户进行身份验证。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        University of Washington imap 2002b
        TurboLinux imap-2002b-11.i586.rpm
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/imap-2002b-11.i586.rpm
        TurboLinux imap-2002b-11.i586.rpm
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/upd ates/RPMS/imap-2002b-11.i586.rpm
        TurboLinux imap-2002b-11.i586.rpm
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/upd ates/RPMS/imap-2002b-11.i586.rpm
        TurboLinux imap-2002b-11.i586.rpm
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 7/updates/RPMS/imap-2002b-11.i586.rpm
        TurboLinux imap-2002b-11.i586.rpm
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 8/updates/RPMS/imap-2002b-11.i586.rpm
        TurboLinux imap-devel-2002b-11.i586.rpm
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/imap-devel-2002b-11.i586.rpm
        TurboLinux imap-devel-2002b-11.i586.rpm
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/upd ates/RPMS/imap-devel-2002b-11.i586.rpm
        TurboLinux imap-devel-2002b-11.i586.rpm
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/upd ates/RPMS/imap-devel-2002b-11.i586.rpm
        TurboLinux imap-devel-2002b-11.i586.rpm
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 7/updates/RPMS/imap-devel-2002b-11.i586.rpm
        TurboLinux imap-devel-2002b-11.i586.rpm
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 8/updates/RPMS/imap-devel-2002b-11.i586.rpm
        TurboLinux imap-libs-2002b-11.i586.rpm
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/imap-libs-2002b-11.i586.rpm
        TurboLinux imap-libs-2002b-11.i586.rpm
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/upd ates/RPMS/imap-libs-2002b-11.i586.rpm
        TurboLinux imap-libs-2002b-11.i586.rpm
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/upd ates/RPMS/imap-libs-2002b-11.i586.rpm
        TurboLinux imap-libs-2002b-11.i586.rpm
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 7/updates/RPMS/imap-libs-2002b-11.i586.rpm
        TurboLinux imap-libs-2002b-11.i586.rpm
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 8/updates/RPMS/imap-libs-2002b-11.i586.rpm
        University of Washington UW-imap 2004c
        ftp://ftp.cac.washington.edu/mail/imap.tar.Z
        University of Washington imap 2004
        Mandrake imap-2004-2.1.101mdk.i586.rpm
        Mandrake Linux 10.1
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake imap-2004-2.1.101mdk.x86_64.rpm
        Mandrake Linux 10.1/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake imap-devel-2004-2.1.101mdk.i586.rpm
        Mandrake Linux 10.1
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake imap-devel-2004-2.1.101mdk.x86_64.rpm
        Mandrake Linux 10.1/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake imap-utils-2004-2.1.101mdk.i586.rpm
        Mandrake Linux 10.1
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake imap-utils-2004-2.1.101mdk.x86_64.rpm
        Mandrake Linux 10.1/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake lib64c-client-php0-2004-2.1.101mdk.x86_64.rpm
        Mandrake Linux 10.1/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake lib64c-client-php0-devel-2004-2.1.101mdk.x86_64.rpm
        Mandrake Linux 10.1/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake libc-client-php0-2004-2.1.101mdk.i586.rpm
        Mandrake Linux 10.1
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake libc-client-php0-devel-2004-2.1.101mdk.i586.rpm
        Mandrake Linux 10.1
        http://www.mandrakesecure.net/en/ftp.php
        University of Washington UW-imap 2004c
        ftp://ftp.cac.washington.edu/mail/imap.tar.Z
        University of Washington imap 2004a
        SuSE imap-2004a-3.2.i586.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/imap-2004a-3.2.i5 86.rpm
        SuSE imap-2004a-3.2.x86_64.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/imap-2004a-3.2. x86_64.rpm
        TurboLinux imap-2004a-5.i586.rpm
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/up dates/RPMS/imap-2004a-5.i586.rpm
        TurboL

- 漏洞信息

13242
UW-imapd CRAM-MD5 Authentication Bypass

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-01-04 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 2004b or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

University Of Washington IMAP Server CRAM-MD5 Remote Authentication Bypass Vulnerability
Design Error 12391
Yes No
2005-01-28 12:00:00 2009-07-12 10:06:00
Mark Crispin and Hugh Sheets of the University of Washington are credited with disclosing this issue.

- 受影响的程序版本

University of Washington imap 2004b
+ Gentoo Linux
University of Washington imap 2004a
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
University of Washington imap 2004
University of Washington imap 2002e
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1
University of Washington imap 2002d
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
University of Washington imap 2002c
University of Washington imap 2002b
University of Washington imap 2002
+ S.u.S.E. Linux Personal 8.2
Turbolinux Turbolinux Workstation 8.0
Turbolinux Turbolinux Workstation 7.0
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Server 7.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Home
Turbolinux Appliance Server 1.0 Workgroup Edition
Turbolinux Appliance Server 1.0 Hosting Edition
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SuSE SUSE Linux Enterprise Server 7
+ Linux kernel 2.4.19
SGI Advanced Linux Environment 3.0
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 8.0
RedHat Linux 9.0 i386
RedHat Linux 7.3 i686
RedHat Linux 7.3 i386
RedHat Linux 7.3
Red Hat Fedora Core1
University of Washington imap 2004c

- 不受影响的程序版本

University of Washington imap 2004c

- 漏洞讨论

A remote authentication bypass vulnerability affects the CRAM-MD5 authentication functionality of the University of Washington IMAP server. This issue is due to a logic error that fails to properly validate authentication attempts.

It should be noted that this issue only affects servers with CRAM-MD5 authentication enabled, which is not the case by default.

A remote attacker may leverage this issue to authenticate to the affected server as any user.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

The vendor has released an upgrade dealing with this issue.

Turbolinux has made an advisory available (TLSA-2005-32) dealing with this issue. Please see the referenced advisory for more information.

Mandrake linux has made an advisory available (MDKSA-2005:026) dealing with this issue. Please see the referenced advisory for more information.

Gentoo linux has made advisory GLSA 200502-02 available dealing with this issue. Gentoo advises that all UW IMAP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/uw-imap-2004b"

For more information please see the referenced Gentoo advisory.

Red Hat has released advisory RHSA-2005:128-06 to address this issue in Red Hat Enterprise Linux 3. Please see the advisory in Web references for more information.

SuSE has released summary report SUSE-SR:2005:006 mainly to address vulnerabilities described in other BIDs. However, in the addendum of this advisory, it is reported that fixes for the issues described in this BID are pending release. Customers are advised to see the referenced advisory for further information.

SuSE Linux has released advisory SUSE-SA:2005:012 along with fixes dealing with this issue. Please see the referenced advisory for more information.

Silicon Graphics has released advisory 20050301-01-U dealing with this and other issues for their Advanced Linux Environment packages. Please see the referenced advisories for more information.

The Fedora Legacy project has released advisory FLSA:152912 to address this issue in RedHat Linux 7.3, 9, and Fedora Core 1. Please see the referenced advisory for further information.


University of Washington imap 2002b

University of Washington imap 2004

University of Washington imap 2004a

University of Washington imap 2002

University of Washington imap 2002c

University of Washington imap 2002e

University of Washington imap 2002d

University of Washington imap 2004b

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站