CVE-2005-0546
CVSS 7.5
Published: 2005-05-02 00:00:00
Last revised: 2016-10-17 23:12:36
NMCOPS    

[Original] Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.


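[CNNVD] Cyrus IMAP Server multiple buffer overflow vulnerabilities (CNNVD-200505-722)

        Cyrus IMAP Server is a free, open-source implementation of the Interactive Mail Access Protocol (IMAP) that runs on Unix and Linux operating systems.
        Cyrus IMAPd contains multiple buffer overflow issues; a remote attacker can exploit this vulnerability to execute arbitrary instructions on the system with the privileges of the process.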

- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/a:cyrus:imapd:2.2.10
cpe:/a:cyrus:imapd:2.0.17
cpe:/a:cyrus:imapd:2.1.18
cpe:/a:cyrus:imapd:2.1.17
cpe:/a:cyrus:imapd:2.1.16

- OVAL (technical details for detection)

oval:org.mitre.oval:def:10674 Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imap...
*OVAL describes in detail how to detect this vulnerability; more technical detail on detecting it can be found in the related OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0546
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0546
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-722
(Official data source) CNNVD

- Other links and resources

http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=33723
(PATCH)  MLIST  [info-cyrus] 20050214 Cyrus IMAPd 2.2.11 Released
http://bugs.gentoo.org/show_bug.cgi?id=82404
(UNKNOWN)  CONFIRM  http://bugs.gentoo.org/show_bug.cgi?id=82404
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000937
(VENDOR_ADVISORY)  CONECTIVA  CLA-2005:937
http://marc.info/?l=bugtraq&m=110972236203397&w=2
(UNKNOWN)  BUGTRAQ  20050228 [USN-87-1] Cyrus IMAP server vulnerability
http://security.gentoo.org/glsa/glsa-200502-29.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200502-29
http://securitytracker.com/id?1013278
(UNKNOWN)  SECTRACK  1013278
http://www.mandriva.com/security/advisories?name=MDKSA-2005:051
(UNKNOWN)  MANDRAKE  MDKSA-2005:051
http://www.redhat.com/support/errata/RHSA-2005-408.html
(UNKNOWN)  REDHAT  RHSA-2005:408
http://www.securityfocus.com/archive/1/archive/1/430294/100/0/threaded
(UNKNOWN)  FEDORA  FLSA:156290
http://www.securityfocus.com/bid/12636
(UNKNOWN)  BID  12636

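- Vulnerability information

Cyrus IMAP Server multiple buffer overflow vulnerabilities
High risk  Buffer overflow
2005-05-02 00:00:00 2005-10-20 00:00:00
Remote
        Cyrus IMAP Server is a free, open-source implementation of the Interactive Mail Access Protocol (IMAP) that runs on Unix and Linux operating systems.
        Cyrus IMAPd contains multiple buffer overflow issues; a remote attacker can exploit this vulnerability to execute arbitrary instructions on the system with the privileges of the process.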

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue; download version 2.2.11 from the vendor's site:
        ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz
        http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz

- Vulnerability information (F37013)

OpenPKG Security Advisory 2005.5 (PacketStormID:F37013)
2005-04-17 00:00:00
OpenPKG Foundation  openpkg.org
advisory,remote,vulnerability,imap
CVE-2005-0546

OpenPKG Security Advisory - Sean Larsson discovered several vulnerabilities in the Cyrus IMAP Server that could allow a remote attacker to execute machine code in the context of the server process.

________________________________________________________________________

OpenPKG Security Advisory                            The OpenPKG Project
http://www.openpkg.org/security.html              http://www.openpkg.org
openpkg-security@openpkg.org                         openpkg@openpkg.org
OpenPKG-SA-2005.005                                          05-Apr-2005
________________________________________________________________________

Package:             imapd
Vulnerability:       arbitrary code execution
OpenPKG Specific:    no

Affected Releases:   Affected Packages:          Corrected Packages:
OpenPKG CURRENT      <= imapd-2.2.10-20050129    >= imapd-2.2.11-20050214
OpenPKG 2.2          <= imapd-2.2.8-2.2.1        >= imapd-2.2.8-2.2.2

Dependent Packages:  none

Description:
  Sean Larsson discovered several vulnerabilities in the Cyrus IMAP
  Server [0] that could allow a remote attacker to execute machine code
  in the context of the server process.

  The Cyrus Electronic Messaging Project identified the affected
  server logic and released a security advisory [1]. Essentially,
  the application is affected by multiple one byte buffer overflows
  affecting the IMAP annotate extension and cached header handling
  routines. Additionally, stack based overflows affecting the fetchnews,
  backend, and imapd logic exist as well. The Common Vulnerabilities and
  Exposures (CVE) project assigned the identifier CAN-2005-0546 [2] to
  the problem.

  Please check whether you are affected by running "<prefix>/bin/openpkg
  rpm -q imapd". If you have the "imapd" package installed and its
  version is affected (see above), we recommend that you immediately
  upgrade it (see Solution). [3][4]

Solution:
  Select the updated source RPM appropriate for your OpenPKG release
  [5], fetch it from the OpenPKG FTP service [6] or a mirror location,
  verify its integrity [7], build a corresponding binary RPM from it
  [3] and update your OpenPKG installation by applying the binary RPM
  [4]. For the most previous release OpenPKG 2.2, perform the following
  operations to permanently fix the security problem.

  $ ftp ftp.openpkg.org
  ftp> bin
  ftp> cd release/2.2/UPD
  ftp> get imapd-2.2.8-2.2.2.src.rpm
  ftp> bye
  $ <prefix>/bin/openpkg rpm -v --checksig imapd-2.2.8-2.2.2.src.rpm
  $ <prefix>/bin/openpkg rpm --rebuild imapd-2.2.8-2.2.2.src.rpm
  $ su -
  # <prefix>/bin/openpkg rpm -Fvh <prefix>/RPM/PKG/imapd-2.2.8-2.2.2.*.rpm
________________________________________________________________________

References:
  [0] http://asg.web.cmu.edu/cyrus/imapd/
  [1] http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=33723
  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0546
  [3] http://www.openpkg.org/tutorial.html#regular-source
  [4] http://www.openpkg.org/tutorial.html#regular-binary
  [5] ftp://ftp.openpkg.org/release/2.2/UPD/imapd-2.2.8-2.2.2.src.rpm
  [6] ftp://ftp.openpkg.org/release/2.2/UPD/
  [7] http://www.openpkg.org/security.html#signature
________________________________________________________________________

For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <openpkg@openpkg.org>" (ID 63C4CB9F) of the
OpenPKG project which you can retrieve from http://pgp.openpkg.org and
hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org/
for details on how to verify the integrity of this advisory.
________________________________________________________________________

    

- Vulnerability information

14089
Cyrus IMAP Server Mailbox Cached Header Handling Overflow
Input Manipulation
Loss of Integrity
Vendor Verified

- Vulnerability description

- Timeline

2005-02-24 Unknown
Unknown Unknown

- Solution

Upgrade to version 2.2.11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Credit

Unknown or Incomplete

- Vulnerability information

Cyrus IMAPD Multiple Remote Buffer Overflow Vulnerabilities
Boundary Condition Error 12636
Yes No
2005-02-14 12:00:00 2006-12-15 09:03:00
The vendor reported these issues.

- Affected program versions

Turbolinux Turbolinux Workstation 8.0
Turbolinux Turbolinux Workstation 7.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Server 7.0
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server 9
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Enterprise Linux AS 4
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Cyrus SASL 2.2.3
Conectiva Linux 10.0
Conectiva Linux 9.0
Carnegie Mellon University Cyrus IMAP Server 2.2.10
+ Conectiva Linux 10.0
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Carnegie Mellon University Cyrus IMAP Server 2.2.9
Carnegie Mellon University Cyrus IMAP Server 2.2.8
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
Carnegie Mellon University Cyrus IMAP Server 2.2.7
Carnegie Mellon University Cyrus IMAP Server 2.2.6
Carnegie Mellon University Cyrus IMAP Server 2.2.5
Carnegie Mellon University Cyrus IMAP Server 2.2.4
Carnegie Mellon University Cyrus IMAP Server 2.2.3
Carnegie Mellon University Cyrus IMAP Server 2.2.2 BETA
Carnegie Mellon University Cyrus IMAP Server 2.2.1 BETA
Carnegie Mellon University Cyrus IMAP Server 2.2 .0 ALPHA
Carnegie Mellon University Cyrus IMAP Server 2.1.17
+ Conectiva Linux 9.0
Carnegie Mellon University Cyrus IMAP Server 2.1.16
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Carnegie Mellon University Cyrus IMAP Server 2.1.10
Carnegie Mellon University Cyrus IMAP Server 2.1.9
+ S.u.S.E. Linux 8.1
Carnegie Mellon University Cyrus IMAP Server 2.1.7
Carnegie Mellon University Cyrus IMAP Server 2.0.16
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
Carnegie Mellon University Cyrus IMAP Server 2.0.12
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
ALT Linux ALT Linux Junior 2.3
ALT Linux ALT Linux Compact 2.3
Carnegie Mellon University Cyrus IMAP Server 2.2.11

- Unaffected program versions

Carnegie Mellon University Cyrus IMAP Server 2.2.11

- Vulnerability discussion

Cyrus IMAPD is reported susceptible to multiple remote vulnerabilities. These vulnerabilities include multiple buffer-overflow issues that may allow remote attackers to execute machine code in the context of the server process. This may lead to unauthorized access or privilege escalation.

The following specific issues were identified:

- Multiple one-byte buffer-overflow vulnerabilities affecting the IMAP annotate extension (the mailbox handling code) and the routines that handle cached headers.

- Multiple stack-based overflow vulnerabilities affecting fetchnews, backend, and imapd.

Cyrus IMAPD 2.0.11 and prior versions are affected by these issues.

Due to a lack of details, further information is not available at the moment. This BID will be updated when more information becomes available.

- Exploit


Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

- Solution


Please see the referenced advisories for more information.


Carnegie Mellon University Cyrus IMAP Server 2.0.12

Carnegie Mellon University Cyrus IMAP Server 2.0.16

Carnegie Mellon University Cyrus IMAP Server 2.1.10

Carnegie Mellon University Cyrus IMAP Server 2.1.16

Carnegie Mellon University Cyrus IMAP Server 2.1.17

Carnegie Mellon University Cyrus IMAP Server 2.1.7

Carnegie Mellon University Cyrus IMAP Server 2.1.9

Carnegie Mellon University Cyrus IMAP Server 2.2 .0 ALPHA

Carnegie Mellon University Cyrus IMAP Server 2.2.1 BETA

Carnegie Mellon University Cyrus IMAP Server 2.2.10

Carnegie Mellon University Cyrus IMAP Server 2.2.2 BETA

Carnegie Mellon University Cyrus IMAP Server 2.2.3

Carnegie Mellon University Cyrus IMAP Server 2.2.4

Carnegie Mellon University Cyrus IMAP Server 2.2.5

Carnegie Mellon University Cyrus IMAP Server 2.2.6

Carnegie Mellon University Cyrus IMAP Server 2.2.7

Carnegie Mellon University Cyrus IMAP Server 2.2.8

Carnegie Mellon University Cyrus IMAP Server 2.2.9

- Related references

 

 
