CVE-2005-2933
CVSS7.5
发布时间 :2005-10-13 18:02:00
修订时间 :2011-03-07 21:25:18
NMCOPS    

[原文]Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington's IMAP Server (UW-IMAP) before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote (") character without a closing quote, which causes bytes after the double-quote to be copied into a buffer indefinitely.


[CNNVD]UW-IMAP邮箱名称解析溢出漏洞(CNNVD-200510-081)

        UW-IMAP是Linux和UNIX系统的免费IMAP服务,捆绑于各种Linux版本中。
        UW-IMAP中存在缓冲区溢出漏洞,起因是没有对用户提供的值进行充分的边界检查。src/c-client/mail.c中的mail_valid_net_parse_work()函数负责从用户提供的数据中获取并验证指定的邮箱名。在解析邮箱名时存在一个错误,会导致在解析单个双引号字符后继续拷贝内存,直到找到下一个单引号字符。
        成功利用这个漏洞的攻击者会以IMAP服务程序的权限执行任意代码。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:university_of_washington:uw-imap:2004
cpe:/a:university_of_washington:uw-imap:2004d
cpe:/a:university_of_washington:uw-imap:2004a
cpe:/a:university_of_washington:uw-imap:2004b
cpe:/a:university_of_washington:uw-imap:2004e
cpe:/a:university_of_washington:uw-imap:2004c
cpe:/a:university_of_washington:uw-imap:2004f

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:9858Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington's IMAP Server (UW-IMAP) before imap-2004g allows remote a...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2933
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2933
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200510-081
(官方数据源) CNNVD

- 其它链接及资源

http://www.kb.cert.org/vuls/id/933601
(UNKNOWN)  CERT-VN  VU#933601
http://www.washington.edu/imap/
(PATCH)  CONFIRM  http://www.washington.edu/imap/
http://www.idefense.com/application/poi/display?id=313&type=vulnerabilities&flashstatus=true
(VENDOR_ADVISORY)  IDEFENSE  20051004 UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability
http://secunia.com/advisories/17062/
(VENDOR_ADVISORY)  SECUNIA  17062
http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0081.html
(PATCH)  FULLDISC  20051004 iDEFENSE Security Advisory 10.04.05: UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability
http://xforce.iss.net/xforce/xfdb/22518
(UNKNOWN)  XF  uw-imap-mailbox-name-bo(22518)
http://www.vupen.com/english/advisories/2006/2685
(UNKNOWN)  VUPEN  ADV-2006-2685
http://www.securityfocus.com/bid/15009
(UNKNOWN)  BID  15009
http://www.securityfocus.com/archive/1/archive/1/430303/100/0/threaded
(UNKNOWN)  FEDORA  FLSA:184098
http://www.securityfocus.com/archive/1/archive/1/430296/100/0/threaded
(UNKNOWN)  FEDORA  FLSA:170411
http://www.redhat.com/support/errata/RHSA-2006-0501.html
(UNKNOWN)  REDHAT  RHSA-2006:0501
http://www.redhat.com/support/errata/RHSA-2005-850.html
(UNKNOWN)  REDHAT  RHSA-2005:850
http://www.redhat.com/support/errata/RHSA-2005-848.html
(UNKNOWN)  REDHAT  RHSA-2005:848
http://www.novell.com/linux/security/advisories/2005_23_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2005:023
http://www.mandriva.com/security/advisories?name=MDKSA-2005:189
(UNKNOWN)  MANDRIVA  MDKSA-2005:189
http://www.gentoo.org/security/en/glsa/glsa-200510-10.xml
(UNKNOWN)  GENTOO  GLSA-200510-10
http://www.debian.org/security/2005/dsa-861
(UNKNOWN)  DEBIAN  DSA-861
http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.500161
(UNKNOWN)  SLACKWARE  SSA:2005-310-06
http://securitytracker.com/id?1015000
(UNKNOWN)  SECTRACK  1015000
http://secunia.com/advisories/21564
(UNKNOWN)  SECUNIA  21564
http://secunia.com/advisories/21252
(UNKNOWN)  SECUNIA  21252
http://secunia.com/advisories/20951
(UNKNOWN)  SECUNIA  20951
http://secunia.com/advisories/20222
(UNKNOWN)  SECUNIA  20222
http://secunia.com/advisories/19832
(UNKNOWN)  SECUNIA  19832
http://secunia.com/advisories/18554
(UNKNOWN)  SECUNIA  18554
http://secunia.com/advisories/17950
(UNKNOWN)  SECUNIA  17950
http://secunia.com/advisories/17930
(UNKNOWN)  SECUNIA  17930
http://secunia.com/advisories/17928
(UNKNOWN)  SECUNIA  17928
http://secunia.com/advisories/17483
(UNKNOWN)  SECUNIA  17483
http://secunia.com/advisories/17336
(UNKNOWN)  SECUNIA  17336
http://secunia.com/advisories/17276
(UNKNOWN)  SECUNIA  17276
http://secunia.com/advisories/17215
(UNKNOWN)  SECUNIA  17215
http://secunia.com/advisories/17152
(UNKNOWN)  SECUNIA  17152
http://secunia.com/advisories/17148
(UNKNOWN)  SECUNIA  17148
http://rhn.redhat.com/errata/RHSA-2006-0549.html
(UNKNOWN)  REDHAT  RHSA-2006:0549
http://rhn.redhat.com/errata/RHSA-2006-0276.html
(UNKNOWN)  REDHAT  RHSA-2006:0276
ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
(UNKNOWN)  SGI  20051201-01-U
http://www.mandriva.com/security/advisories?name=MDKSA-2005:194
(UNKNOWN)  MANDRIVA  MDKSA-2005:194
http://securityreason.com/securityalert/47
(UNKNOWN)  SREASON  47
http://secunia.com/advisories/20210
(UNKNOWN)  SECUNIA  20210
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
(UNKNOWN)  SGI  20060501-01-U

- 漏洞信息

UW-IMAP邮箱名称解析溢出漏洞
高危 缓冲区溢出
2005-10-13 00:00:00 2007-02-07 00:00:00
远程  
        UW-IMAP是Linux和UNIX系统的免费IMAP服务,捆绑于各种Linux版本中。
        UW-IMAP中存在缓冲区溢出漏洞,起因是没有对用户提供的值进行充分的边界检查。src/c-client/mail.c中的mail_valid_net_parse_work()函数负责从用户提供的数据中获取并验证指定的邮箱名。在解析邮箱名时存在一个错误,会导致在解析单个双引号字符后继续拷贝内存,直到找到下一个单引号字符。
        成功利用这个漏洞的攻击者会以IMAP服务程序的权限执行任意代码。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        ftp://ftp.cac.washington.edu/mail/imap.tar.Z

- 漏洞信息 (F48756)

FLSA-2006-175040.txt (PacketStormID:F48756)
2006-08-03 00:00:00
 
advisory,php
linux,fedora
CVE-2005-2933,CVE-2005-3883,CVE-2006-0208,CVE-2006-0996,CVE-2006-1490,CVE-2006-1990
[点击下载]

Fedora Legacy Update Advisory FLSA:175040 - Updated PHP packages that fix multiple security issues are now available.

---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated php packages fix security issues
Advisory ID:       FLSA:175040
Issue date:        2006-07-27
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
CVE Names:         CVE-2005-2933 CVE-2005-3883 CVE-2006-0208
                   CVE-2006-0996 CVE-2006-1490 CVE-2006-1990
---------------------------------------------------------------------


---------------------------------------------------------------------
1. Topic:

Updated PHP packages that fix multiple security issues are now
available.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386
Fedora Core 3 - i386, x86_64

3. Problem description:

A buffer overflow flaw was discovered in uw-imap, the University of
Washington's IMAP Server. php-imap is compiled against the static
c-client libraries from imap and therefore needed to be recompiled
against the fixed version. (CVE-2005-2933).

An input validation error was found in the "mb_send_mail()" function. An
attacker could use this flaw to inject arbitrary headers in a mail sent
via a script calling the "mb_send_mail()" function where the "To"
parameter can be controlled by the attacker. (CVE-2005-3883)

The error handling output was found to not properly escape HTML output
in certain cases. An attacker could use this flaw to perform cross-site
scripting attacks against sites where both display_errors and
html_errors are enabled. (CVE-2006-0208)

The phpinfo() PHP function did not properly sanitize long strings. An
attacker could use this to perform cross-site scripting attacks against
sites that have publicly-available PHP scripts that call phpinfo().
(CVE-2006-0996)

The html_entity_decode() PHP function was found to not be binary safe.
An attacker could use this flaw to disclose a certain part of the
memory. In order for this issue to be exploitable the target site would
need to have a PHP script which called the "html_entity_decode()"
function with untrusted input from the user and displayed the result.
(CVE-2006-1490)

The wordwrap() PHP function did not properly check for integer overflow
in the handling of the "break" parameter. An attacker who could control
the string passed to the "break" parameter could cause a heap overflow.
(CVE-2006-1990)

Users of PHP should upgrade to these updated packages, which contain
backported patches that resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which
are not installed but included in the list will not be updated.  Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt.  Many
people find this an easier way to apply updates.  To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.  This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/php-4.1.2-7.3.20.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-4.1.2-7.3.20.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-devel-4.1.2-7.3.20.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-imap-4.1.2-7.3.20.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-ldap-4.1.2-7.3.20.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-manual-4.1.2-7.3.20.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-mysql-4.1.2-7.3.20.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-odbc-4.1.2-7.3.20.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-pgsql-4.1.2-7.3.20.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-snmp-4.1.2-7.3.20.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/php-4.2.2-17.21.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/php-4.2.2-17.21.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-devel-4.2.2-17.21.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-imap-4.2.2-17.21.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-ldap-4.2.2-17.21.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-manual-4.2.2-17.21.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-mysql-4.2.2-17.21.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-odbc-4.2.2-17.21.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-pgsql-4.2.2-17.21.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-snmp-4.2.2-17.21.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/php-4.3.11-1.fc1.6.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/php-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-devel-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-domxml-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-imap-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-ldap-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-mbstring-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-mysql-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-odbc-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-pgsql-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-snmp-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-xmlrpc-4.3.11-1.fc1.6.legacy.i386.rpm

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/php-4.3.11-1.fc2.7.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/php-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-devel-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-domxml-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-imap-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-ldap-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-mbstring-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-mysql-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-odbc-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-pear-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-pgsql-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-snmp-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-xmlrpc-4.3.11-1.fc2.7.legacy.i386.rpm

Fedora Core 3:

SRPM:
http://download.fedoralegacy.org/fedora/3/updates/SRPMS/php-4.3.11-2.8.4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/3/updates/i386/php-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-devel-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-domxml-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-gd-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-imap-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-ldap-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-mbstring-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-mysql-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-ncurses-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-odbc-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-pear-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-pgsql-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-snmp-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-xmlrpc-4.3.11-2.8.4.legacy.i386.rpm

x86_64:
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-devel-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-domxml-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-gd-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-imap-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-ldap-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-mbstring-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-mysql-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-ncurses-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-odbc-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-pear-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-pgsql-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-snmp-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-xmlrpc-4.3.11-2.8.4.legacy.x86_64.rpm


7. Verification:

SHA1 sum                                 Package Name
---------------------------------------------------------------------

rh73:
716216fdf1ddc42bb8d210d1e121ba8d0e7f4d7c
redhat/7.3/updates/i386/php-4.1.2-7.3.20.legacy.i386.rpm
61612a0c2e6244ccfb4e35ea04865d48f75f7c48
redhat/7.3/updates/i386/php-devel-4.1.2-7.3.20.legacy.i386.rpm
d29efdfdd669875715c0956fedc59b99ef7681f3
redhat/7.3/updates/i386/php-imap-4.1.2-7.3.20.legacy.i386.rpm
1e09ae807ccf160ef9011818d4dda590bab224d7
redhat/7.3/updates/i386/php-ldap-4.1.2-7.3.20.legacy.i386.rpm
0dfa25adffe75db47fbf2a366eb456d8fcfca918
redhat/7.3/updates/i386/php-manual-4.1.2-7.3.20.legacy.i386.rpm
9141e782d32739b5bc2a9b611d7cdc352e523c26
redhat/7.3/updates/i386/php-mysql-4.1.2-7.3.20.legacy.i386.rpm
f1e88cf8e7f644f81473efc561f4df502ef7bc24
redhat/7.3/updates/i386/php-odbc-4.1.2-7.3.20.legacy.i386.rpm
dd58b7187e116874558c5567b8c6897d1d1d4154
redhat/7.3/updates/i386/php-pgsql-4.1.2-7.3.20.legacy.i386.rpm
0575467b89a44d1e5b0bebc00fac018666a8b827
redhat/7.3/updates/i386/php-snmp-4.1.2-7.3.20.legacy.i386.rpm
8541c7eefbf6162eeca5f12f834ccf3af8fee85b
redhat/7.3/updates/SRPMS/php-4.1.2-7.3.20.legacy.src.rpm

rh9:
1cd4a11bf52c1b18dce2937a7f15789b059c1967
redhat/9/updates/i386/php-4.2.2-17.21.legacy.i386.rpm
109a96dc0633b661e6789d9b41a3cf298e140401
redhat/9/updates/i386/php-devel-4.2.2-17.21.legacy.i386.rpm
f5df6f259745f0050c15a50b75e2114381c07fb1
redhat/9/updates/i386/php-imap-4.2.2-17.21.legacy.i386.rpm
8223f6cc4e84478523cd8560bdc9b75d90c33a14
redhat/9/updates/i386/php-ldap-4.2.2-17.21.legacy.i386.rpm
18ac761d897ba89e94086facdb7b529e7d60c0e2
redhat/9/updates/i386/php-manual-4.2.2-17.21.legacy.i386.rpm
714057b386abaa03573d14c8757ef97858ba2b17
redhat/9/updates/i386/php-mysql-4.2.2-17.21.legacy.i386.rpm
c2002f4f520ea2f7dbe11402ad460a181c44175a
redhat/9/updates/i386/php-odbc-4.2.2-17.21.legacy.i386.rpm
26a858731e032c0622003c8d9398a6b5ead86b24
redhat/9/updates/i386/php-pgsql-4.2.2-17.21.legacy.i386.rpm
258887bd3e690dad1b88dfcbc280a8523fa52338
redhat/9/updates/i386/php-snmp-4.2.2-17.21.legacy.i386.rpm
fe815ab1d505fcef7629e0abe4b25f2c66054f1c
redhat/9/updates/SRPMS/php-4.2.2-17.21.legacy.src.rpm

fc1:
5cc63a63de0057797737ceefbdfeb0f466d87beb
fedora/1/updates/i386/php-4.3.11-1.fc1.6.legacy.i386.rpm
315b0ae174f33d437178982f47dd24ba48848346
fedora/1/updates/i386/php-devel-4.3.11-1.fc1.6.legacy.i386.rpm
92d36fe3e062b33e6b22bcd101dd85dc03803616
fedora/1/updates/i386/php-domxml-4.3.11-1.fc1.6.legacy.i386.rpm
7083eb87cdcb9e83ef83e6ba7aee63a2a259ce89
fedora/1/updates/i386/php-imap-4.3.11-1.fc1.6.legacy.i386.rpm
acb18926452c2faf331fc8b25a09de3f4da2d7cb
fedora/1/updates/i386/php-ldap-4.3.11-1.fc1.6.legacy.i386.rpm
c90c744840ebff6c9149b9df9513db63a10a6247
fedora/1/updates/i386/php-mbstring-4.3.11-1.fc1.6.legacy.i386.rpm
e84b242476b61b0aa19b2b71af4f69043cc4ecee
fedora/1/updates/i386/php-mysql-4.3.11-1.fc1.6.legacy.i386.rpm
a765f1e3d73d9d5cbd1fb5cbfb868f70baf2ce4a
fedora/1/updates/i386/php-odbc-4.3.11-1.fc1.6.legacy.i386.rpm
0ef956e24befd3a9b462f0953edc164595ac27cf
fedora/1/updates/i386/php-pgsql-4.3.11-1.fc1.6.legacy.i386.rpm
e5e9f011f9d403881a9350d5395db6ccaa402b6a
fedora/1/updates/i386/php-snmp-4.3.11-1.fc1.6.legacy.i386.rpm
f29d6f88cd780e32e9307c1d8ad8446e559c8a29
fedora/1/updates/i386/php-xmlrpc-4.3.11-1.fc1.6.legacy.i386.rpm
edbf95d5ea4944e3a41ccebcebaf2702b4545f98
fedora/1/updates/SRPMS/php-4.3.11-1.fc1.6.legacy.src.rpm

fc2:
f2ec94d1069ff3214ac031f7f5c6a1e29f22e90d
fedora/2/updates/i386/php-4.3.11-1.fc2.7.legacy.i386.rpm
34c8d44ccd71a3f09dc289d4f0fc826dc34f9a60
fedora/2/updates/i386/php-devel-4.3.11-1.fc2.7.legacy.i386.rpm
09d8100aea583b0b47f87190b6a557ed3f7e3636
fedora/2/updates/i386/php-domxml-4.3.11-1.fc2.7.legacy.i386.rpm
f11bc7846717d98b73e73d9bf9870b2f5e19d341
fedora/2/updates/i386/php-imap-4.3.11-1.fc2.7.legacy.i386.rpm
69d11e09f15a6acb488a28a8e4751f468e332c73
fedora/2/updates/i386/php-ldap-4.3.11-1.fc2.7.legacy.i386.rpm
a07b390dc004d6a330c49cf1e8262471c93e9108
fedora/2/updates/i386/php-mbstring-4.3.11-1.fc2.7.legacy.i386.rpm
2820fb1d8832d034b2529ec7087c5839baebccfe
fedora/2/updates/i386/php-mysql-4.3.11-1.fc2.7.legacy.i386.rpm
ed69c77a9e312348a6ca73ad2d7f270459bc16dc
fedora/2/updates/i386/php-odbc-4.3.11-1.fc2.7.legacy.i386.rpm
5ff64a9b70c418ce762ff815be8fcefb5aa89d15
fedora/2/updates/i386/php-pear-4.3.11-1.fc2.7.legacy.i386.rpm
9251da041356734713a644ff778ae4afc2ab2879
fedora/2/updates/i386/php-pgsql-4.3.11-1.fc2.7.legacy.i386.rpm
eabd9dd422934c99902429c311f61a4a4a26e3c7
fedora/2/updates/i386/php-snmp-4.3.11-1.fc2.7.legacy.i386.rpm
7b027d1cd8844312ed20711bef92013078e33b83
fedora/2/updates/i386/php-xmlrpc-4.3.11-1.fc2.7.legacy.i386.rpm
026b3dd063586fe6e29f6cb482206e4f5631ac0f
fedora/2/updates/SRPMS/php-4.3.11-1.fc2.7.legacy.src.rpm

fc3:
cafefc39811f7923007e522aa5ca84a0e073dd96
fedora/3/updates/i386/php-4.3.11-2.8.4.legacy.i386.rpm
e2d84ad62c2703b5a7f3875d0d52e9461f5f81fe
fedora/3/updates/i386/php-devel-4.3.11-2.8.4.legacy.i386.rpm
7b90726025ff13e815509216a73fa9c2914a6ad0
fedora/3/updates/i386/php-domxml-4.3.11-2.8.4.legacy.i386.rpm
6367004e4200fcb44778088c911495458b08cde4
fedora/3/updates/i386/php-gd-4.3.11-2.8.4.legacy.i386.rpm
abb3cdd3dcc030b85e03a409372daac6093a63d0
fedora/3/updates/i386/php-imap-4.3.11-2.8.4.legacy.i386.rpm
df673e8e983ea6cec3b50f65e50950f625493223
fedora/3/updates/i386/php-ldap-4.3.11-2.8.4.legacy.i386.rpm
4e95b2f44661683fd17c72f881323f36757793ef
fedora/3/updates/i386/php-mbstring-4.3.11-2.8.4.legacy.i386.rpm
a891c751c82acc9bf1cc6ac59332196344b42a8c
fedora/3/updates/i386/php-mysql-4.3.11-2.8.4.legacy.i386.rpm
865dde39429ac6fc59296af9ed938c4e7b30216c
fedora/3/updates/i386/php-ncurses-4.3.11-2.8.4.legacy.i386.rpm
32b5075e4e3406c4ab9715ef970f1e5ec4f808e3
fedora/3/updates/i386/php-odbc-4.3.11-2.8.4.legacy.i386.rpm
5867c11e75d26edbcd79e815bc79a1c2354878ec
fedora/3/updates/i386/php-pear-4.3.11-2.8.4.legacy.i386.rpm
5f05fae3bc0ef2841ed479cb5968443fee448698
fedora/3/updates/i386/php-pgsql-4.3.11-2.8.4.legacy.i386.rpm
71591b13628f0db7a0818c9bb818b63e176c9904
fedora/3/updates/i386/php-snmp-4.3.11-2.8.4.legacy.i386.rpm
c5f9dcb4c6e8bc117b88ffa06a60049a80f68287
fedora/3/updates/i386/php-xmlrpc-4.3.11-2.8.4.legacy.i386.rpm
78fb1d65369f96b86027bc04e91d2c058fbd1e73
fedora/3/updates/x86_64/php-4.3.11-2.8.4.legacy.x86_64.rpm
102f14f60d3dc134cb6f698f6d4d1f4264006940
fedora/3/updates/x86_64/php-devel-4.3.11-2.8.4.legacy.x86_64.rpm
333d7213daf29f486ad7e047e1adc418c3258500
fedora/3/updates/x86_64/php-domxml-4.3.11-2.8.4.legacy.x86_64.rpm
59c18b269a3a1712684d8fab00c7577033ac2108
fedora/3/updates/x86_64/php-gd-4.3.11-2.8.4.legacy.x86_64.rpm
ce155d28b0e81eb5527cf0e2f496bc8a9e5ce75d
fedora/3/updates/x86_64/php-imap-4.3.11-2.8.4.legacy.x86_64.rpm
39e63584c3419002a43d71973ff93a356fc278c0
fedora/3/updates/x86_64/php-ldap-4.3.11-2.8.4.legacy.x86_64.rpm
b5131dae7d6908114b959d3ab0e1661158e66e0f
fedora/3/updates/x86_64/php-mbstring-4.3.11-2.8.4.legacy.x86_64.rpm
5b366cf0918e314c52e2da44baac70c81dd6fa38
fedora/3/updates/x86_64/php-mysql-4.3.11-2.8.4.legacy.x86_64.rpm
eae4616e39e8a82a4cf931352d4610a293499e5e
fedora/3/updates/x86_64/php-ncurses-4.3.11-2.8.4.legacy.x86_64.rpm
c3c95fb30901f381376be17003f29ed36a7f22d8
fedora/3/updates/x86_64/php-odbc-4.3.11-2.8.4.legacy.x86_64.rpm
4bc178a084fe1df33ac0a92c15f8d7b817f4a2c7
fedora/3/updates/x86_64/php-pear-4.3.11-2.8.4.legacy.x86_64.rpm
9ce8349a77d7817e505629c5944a9c7c59a6e284
fedora/3/updates/x86_64/php-pgsql-4.3.11-2.8.4.legacy.x86_64.rpm
d631abea1dd6cad2bd3d16d52877b5b3f310a2f5
fedora/3/updates/x86_64/php-snmp-4.3.11-2.8.4.legacy.x86_64.rpm
c91a27a8bf159f2586d0d6e8ba1ce07f4651e5bd
fedora/3/updates/x86_64/php-xmlrpc-4.3.11-2.8.4.legacy.x86_64.rpm
b560a17c4ad7954b0184660d900ea2bb37ee1b4a
fedora/3/updates/SRPMS/php-4.3.11-2.8.4.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security.  Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

    sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2933
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1990

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More
project details at http://www.fedoralegacy.org

---------------------------------------------------------------------

    

- 漏洞信息 (F40636)

Debian Linux Security Advisory 861-1 (PacketStormID:F40636)
2005-10-12 00:00:00
Debian  security.debian.org
advisory,overflow,arbitrary,imap
linux,debian
CVE-2005-2933
[点击下载]

Debian Security Advisory DSA 861-1 - "infamous41md" discovered a buffer overflow in uw-imap, the University of Washington's IMAP Server that allows attackers to execute arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 861-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 11th, 2005                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : uw-imap
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2933

"infamous41md" discovered a buffer overflow in uw-imap, the University
of Washington's IMAP Server that allows attackers to execute arbitrary
code.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 2002edebian1-11sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 2002edebian1-11sarge1.

We recommend that you upgrade your uw-imap packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imap_2002edebian1-11sarge1.dsc
      Size/MD5 checksum:      785 bf3e532a78669fd66c329a46ea11809d
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imap_2002edebian1-11sarge1.diff.gz
      Size/MD5 checksum:    85400 b295b9c10972cb78f3b4d25394b4b31d
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imap_2002edebian1.orig.tar.gz
      Size/MD5 checksum:  1517069 8ff277e7831326988d0ee0bfeca7c8ff

  Architecture independent components:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd-ssl_2002edebian1-11sarge1_all.deb
      Size/MD5 checksum:    19982 ee7e9d78916253bef43c0513b1fa2df3
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd-ssl_2002edebian1-11sarge1_all.deb
      Size/MD5 checksum:    19968 01cd3a699013ba2679af4cd4c4c97ee7

  Alpha architecture:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_alpha.deb
      Size/MD5 checksum:    45316 8eff87a5d99f8514a97ba925f64cc29c
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_alpha.deb
      Size/MD5 checksum:  1400536 508b3322c04aba6a16ccd8360bcb2c8f
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_alpha.deb
      Size/MD5 checksum:   623866 007e483d0f71e26d88135ebd621cf913
    http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_alpha.deb
      Size/MD5 checksum:    26112 1512b9c49a9e67222c42e1e1a3161f62
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_alpha.deb
      Size/MD5 checksum:    76068 d3f6e63d18eee660aec45970c75a1e9f
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_alpha.deb
      Size/MD5 checksum:    50388 7915af40dc8454ed9c28b8210785b4b2

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_amd64.deb
      Size/MD5 checksum:    43842 9ee07ca885ad0a760624ee9ac3359573
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_amd64.deb
      Size/MD5 checksum:  1241462 a04eea3b29ce844bd36e882c358ec589
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_amd64.deb
      Size/MD5 checksum:   585262 43379b991740461a5247103be7bb481c
    http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_amd64.deb
      Size/MD5 checksum:    25256 b46f5e4f874df2b1c64e46d4d179753f
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_amd64.deb
      Size/MD5 checksum:    71862 9ea5e627919c4dc40db2ed70047da69c
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_amd64.deb
      Size/MD5 checksum:    47526 607377887f83ed71a87264bc85317bf3

  ARM architecture:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_arm.deb
      Size/MD5 checksum:    43908 cbb7163d6976c804f7f7dde0eba82e8f
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_arm.deb
      Size/MD5 checksum:  1218296 e942c426a47bfa5fe43b269040dc259d
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_arm.deb
      Size/MD5 checksum:   572074 325eab596c707493b112c4157192fd7d
    http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_arm.deb
      Size/MD5 checksum:    25284 aeedc4004a68ceb78d705c44cce7bd2b
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_arm.deb
      Size/MD5 checksum:    71378 611cd65efdeebdc3aba327482a966109
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_arm.deb
      Size/MD5 checksum:    46240 48f471e616eb16cb6682ef206eff68b5

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_i386.deb
      Size/MD5 checksum:    42640 222b9d6cfae656aeb0995b6b742a8018
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_i386.deb
      Size/MD5 checksum:  1192272 a641726681b49cbf4a59d15a992c3307
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_i386.deb
      Size/MD5 checksum:   580390 70951fce39878d16e551d0a3d20b1396
    http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_i386.deb
      Size/MD5 checksum:    25354 f72ec8b8f6c62b1c0185582387624fd3
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_i386.deb
      Size/MD5 checksum:    69812 9f7ef54531d8a7f98302526ba0395b93
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_i386.deb
      Size/MD5 checksum:    46514 07f09150e567ab8628e66b81ac4eef45

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_ia64.deb
      Size/MD5 checksum:    49584 cf5a3f4db538e69659eba3464ded819b
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_ia64.deb
      Size/MD5 checksum:  1392282 8ad6f8db3031f8f312cdac57b423d9a6
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_ia64.deb
      Size/MD5 checksum:   692648 0b9c67065ef7dc2bd19781778df56411
    http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_ia64.deb
      Size/MD5 checksum:    26856 253449914d0ebea21699f939ea21823b
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_ia64.deb
      Size/MD5 checksum:    82692 4803d5030e4521f010e28ba0129528e0
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_ia64.deb
      Size/MD5 checksum:    57218 5015cfcc9c0a4ec7100e31c86874feb4

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_hppa.deb
      Size/MD5 checksum:    45482 e9ae3633401d343357ef2ede9b5dcfde
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_hppa.deb
      Size/MD5 checksum:  1290012 79d3092981ccf2fa5f6770e68ec494a9
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_hppa.deb
      Size/MD5 checksum:   621964 9090bf13ad38d5d2584d1a2497aa59b0
    http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_hppa.deb
      Size/MD5 checksum:    26102 6df6311df18609d071cc918568b481ec
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_hppa.deb
      Size/MD5 checksum:    74376 e6ddda3b2f8765ef20d307888da4bb79
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_hppa.deb
      Size/MD5 checksum:    48796 a16164bb8d33476cb5ab8e9bc8bd851f

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_m68k.deb
      Size/MD5 checksum:    42198 0c460fb08a6baf8597d588b06c0eb866
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_m68k.deb
      Size/MD5 checksum:  1202760 bcfd325de3b1ae80142fd40863c98480
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_m68k.deb
      Size/MD5 checksum:   557322 355de85312016eee76b442f617a1fa7b
    http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_m68k.deb
      Size/MD5 checksum:    25282 7a22722226b591ddd992b340eed62a79
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_m68k.deb
      Size/MD5 checksum:    67800 b78499f7aedee1af72a0abdce500bf1b
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_m68k.deb
      Size/MD5 checksum:    45972 6d387a13b396d2af4fb9c3a0a739e703

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_mips.deb
      Size/MD5 checksum:    45198 64a47c0e7299d4b9c2fabf9f5dbcd270
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_mips.deb
      Size/MD5 checksum:  1293040 0de4a01dd9aa001d0c9e3970add39139
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_mips.deb
      Size/MD5 checksum:   584784 b9981e6e319358c956ee8038e7ea70b5
    http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_mips.deb
      Size/MD5 checksum:    26032 91f708c3c2aaac1ff684a0067761479f
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_mips.deb
      Size/MD5 checksum:    70504 a77dc274b6df53c30e13aa54f933fda1
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_mips.deb
      Size/MD5 checksum:    51994 b03effecefe81dab0d9523bcd4d31287

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_mipsel.deb
      Size/MD5 checksum:    45138 d8319d4a2e984218582a2afcd3cd1f61
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_mipsel.deb
      Size/MD5 checksum:  1266374 12718fcede276595c4f6060adc06e50c
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_mipsel.deb
      Size/MD5 checksum:   584592 574d31724a1022e62a4c4954c4744b4b
    http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_mipsel.deb
      Size/MD5 checksum:    26024 60437f28a8d255810fc33b215fe124ca
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_mipsel.deb
      Size/MD5 checksum:    70396 8b11bea999587f10987960d36d122739
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_mipsel.deb
      Size/MD5 checksum:    52042 7f1f9bd83e7e82f3e3df8ae0a505f222

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_powerpc.deb
      Size/MD5 checksum:    44714 3be1ef718719a94a9755ac2492bf4736
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_powerpc.deb
      Size/MD5 checksum:  1367392 5140873290e9c5eceeb81adb45b4cfbe
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_powerpc.deb
      Size/MD5 checksum:   584320 b249e6621e1b6835eb2d19c5307706ed
    http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_powerpc.deb
      Size/MD5 checksum:    25724 ad84786248356abddf83822e32fad4e1
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_powerpc.deb
      Size/MD5 checksum:    70054 3b49efb35b29fe1383d77acc99e77220
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_powerpc.deb
      Size/MD5 checksum:    49518 16be979ed27da72276922377cfe4e63f

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_s390.deb
      Size/MD5 checksum:    45220 f0f89e4980b1ae8d016a18a4465d5daa
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_s390.deb
      Size/MD5 checksum:  1605558 ab2145e4e5ed815eac6b535ed852a075
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_s390.deb
      Size/MD5 checksum:   598718 d65ae25a64e58b9657e4d289c426aa8d
    http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_s390.deb
      Size/MD5 checksum:    25794 5958825b0b8f38b1768c0172d70f7a92
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_s390.deb
      Size/MD5 checksum:    73032 7c90176a07024e8d4103b3c53da66d7c
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_s390.deb
      Size/MD5 checksum:    48286 d0b533d1d55562880e2830e6d9840b97

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_sparc.deb
      Size/MD5 checksum:    43512 2769984cb6ade49615903339399f76fc
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_sparc.deb
      Size/MD5 checksum:  1230520 b2fb2513b5a3e244c8dcddfc0e944c59
    http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_sparc.deb
      Size/MD5 checksum:   578812 1e99dac1bb48e24cc2dfc68e32be3a0b
    http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_sparc.deb
      Size/MD5 checksum:    25348 b763253c4b4767fcfffcefea7f708245
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_sparc.deb
      Size/MD5 checksum:    71438 a9f91e6c21f28a5a2ff630913d85a2aa
    http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_sparc.deb
      Size/MD5 checksum:    46204 bc1f2368bfddcde27cc20ee264234122


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDS1sDW5ql+IAeqTIRAk+oAJ4uTsc2Qld/uc0Zsy9KNQE6qiqr3wCfck2O
b3NCzziKDwQTeGXHcBRTEuw=
=u0R4
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F40635)

Gentoo Linux Security Advisory 200510-10 (PacketStormID:F40635)
2005-10-12 00:00:00
Gentoo  security.gentoo.org
advisory,overflow,imap
linux,gentoo
CVE-2005-2933
[点击下载]

Gentoo Linux Security Advisory GLSA 200510-10 - Improper bounds checking of user supplied data while parsing IMAP mailbox names can lead to overflowing the stack buffer. Versions less than 2004g are affected.

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigF4CFFB61543FD0B026678E77
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200510-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: uw-imap: Remote buffer overflow
      Date: October 11, 2005
      Bugs: #108206
        ID: 200510-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

uw-imap is vulnerable to remote overflow of a buffer in the IMAP server
leading to execution of arbitrary code.

Background
==========

uw-imap is the University of Washington's IMAP and POP server daemons.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  net-mail/uw-imap       < 2004g                           >= 2004g

Description
===========

Improper bounds checking of user supplied data while parsing IMAP
mailbox names can lead to overflowing the stack buffer.

Impact
======

Successful exploitation requires an authenticated IMAP user to request
a malformed mailbox name. This can lead to execution of arbitrary code
with the permissions of the IMAP server.

Workaround
==========

There are no known workarounds at this time.

Resolution
==========

All uw-imap users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-mail/uw-imap-2004g"

References
==========

  [ 1 ] CAN-2005-2933
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2933
  [ 2 ] iDEFENSE Security Advisory

http://www.idefense.com/application/poi/display?id=313&type=vulnerabilities&flashstatus=false

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200510-10.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


--------------enigF4CFFB61543FD0B026678E77
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDS55avcL1obalX08RAkctAJ4qUBej4z7zgu6lEYDwosot1+lVRACdGTPu
q7RoS3va+ImDyQctun6VdyQ=
=l5yN
-----END PGP SIGNATURE-----

--------------enigF4CFFB61543FD0B026678E77--
    

- 漏洞信息 (F40453)

iDEFENSE Security Advisory 2005-10-04.1 (PacketStormID:F40453)
2005-10-06 00:00:00
iDefense Labs,infamous41md  idefense.com
advisory,remote,overflow,arbitrary,imap
CVE-2005-2933
[点击下载]

iDEFENSE Security Advisory 10.04.05-1 - Remote exploitation of a buffer overflow vulnerability in the University of Washington's IMAP Server (UW-IMAP) allows attackers to execute arbitrary code. iDEFENSE has confirmed the existence of this vulnerability in Washington University imap-2004c1.

UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability 

iDEFENSE Security Advisory 10.04.05
www.idefense.com/application/poi/display?id=313&type=vulnerabilities
October 4, 2005

I. BACKGROUND

UW-IMAP is a popular free IMAP service for Linux and UNIX systems and 
is distributed with various Linux distributions. More information can 
be found at the vendor website:

	http://www.washington.edu/imap/

II. DESCRIPTION

Remote exploitation of a buffer overflow vulnerability in the University
of Washington's IMAP Server (UW-IMAP) allows attackers to execute 
arbitrary code.

The vulnerability specifically exists due to insufficient bounds
checking on user-supplied values. The mail_valid_net_parse_work() 
function in src/c-client/mail.c is responsible for obtaining and 
validating the specified mailbox name from user-supplied data. An error 
in the parsing of supplied mailbox names will continue to copy memory 
after a " character has been parsed until another " character is found 
as shown here:

long mail_valid_net_parse_work (char *name,NETMBX *mb,char *service)
{
  int i,j;
#define MAILTMPLEN 1024        /* size of a temporary buffer */
  char c,*s,*t,*v,tmp[MAILTMPLEN],arg[MAILTMPLEN];
    
   ...snip...
    
  if (t - v) {            /* any switches or port specification? */
1]  strncpy (t = tmp,v,j);    /* copy it */
    tmp[j] = '\0';        /* tie it off */

...

    if (*t == '"') {    /* quoted string? */
2]     for (v = arg,i = 0,++t; (c = *t++) != '"';) { /* Vulnerability */
                /* quote next character */
        if (c == '\\') c = *t++;
        arg[i++] = c;
      }

If an attacker supplys only one " character, the function will continue 
to copy bytes to the new pointer, overflowing the stack buffer and 
resulting in arbitrary code execution.

III. ANALYSIS

Successful exploitation of the vulnerability will result in the 
execution of arbitrary code with permissions of the IMAP server. The 
impact of this vulnerability is slightly reduced due to the requirement 
of valid credentials, however IMAP servers commonly are used for free 
webmail systems and other services which may give untrusted users valid 
credentials. Networks that restrict IMAP service access to trusted 
users are at low risk.

IV. DETECTION

iDEFENSE has confirmed the existence of this vulnerability in Washington

University imap-2004c1.

The following vendors include susceptible UW-IMAP packages within their 
respective operating system distributions:

    * FreeBSD Project: FreeBSD 5.x
    * Gentoo Foundation Inc.: Gentoo 2005.x
    * Debian Project: Linux 3.x
    * Red Hat Linux, Inc.: Fedora Core 1, 2, and 3
    * Mandrakesoft SA: Mandriva Linux 9.x
    * Novell Inc.: SuSE Linux 9.x 
    
V. WORKAROUND

iDEFENSE is unaware of any valid workarounds for this issue. Restrict 
untrusted users from the IMAP service until the vendor releases a 
patch.

VI. VENDOR RESPONSE

"The fix is in the following patch to imap-????/src/c-client/mail.c:

------------------------------Cut Here----------------------------------
*** mail.c	2005/03/17 00:12:22	1.6
--- mail.c	2005/09/15 16:48:46
***************
*** 691,698 ****
--- 691,700 ----
         if (c == '=') {		/* parse switches which take
arguments */
   	if (*t == '"') {	/* quoted string? */
   	  for (v = arg,i = 0,++t; (c = *t++) != '"';) {
+ 	    if (!c) return NIL;	/* unterminated string */
   				/* quote next character */
   	    if (c == '\\') c = *t++;
+ 	    if (!c) return NIL;	/* can't quote NUL either */
   	    arg[i++] = c;
   	  }
   	  c = *t++;		/* remember delimiter for later */
------------------------------Cut Here----------------------------------

This fix is in UW release imap-2004g, which is available from as the
current release version on:

 	ftp://ftp.cac.washington.edu/mail/imap.tar.Z

IMPACT ANALYSIS:

The vulnerability is in the c-client library, which is used by the IMAP
server.

The main impact of a successful exploit in the IMAP server is that an
authorized user can execute arbitrary code, including gaining shell
access, on the server.  The code is executed with the authorized user's
userid.

A successful exploit in the IMAP server does NOT allow root access.

UW imapd has an optional facility for anonymous access; this feature
must be enabled specifically by the site and is rarely-enabled.  Due to
a security check specific to anonymous IMAP access, anonymous IMAP users
can NOT exploit this vulnerability.

In the absence of data to the contrary, I believe that this
vulnerability is LOW risk to servers which permit shell access to
authorized users; and is of LOW-MODERATE risk (unauthorized shell access
to authorized users) to other servers.

The vulnerability impacts all applications which use the c-client
library, even if these applications do not use IMAP.  In the IMAP server
and most MUAs, the application runs with the user's credentials which
reduces the overall risk.  If the application runs with other
credentials (e.g., webmail systems), the vulnerability may be of higher
risk."

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CAN-2005-2933 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org), which standardizes names for
security problems.

VIII. DISCLOSURE TIMELINE

09/15/2005  Initial vendor notification
09/15/2005  Initial vendor response
10/04/2005  Coordinated public disclosure

IX. CREDIT

infamous41md@hotpop.com is credited with discovering this vulnerability.


Get paid for vulnerability research
http://www.idefense.com/poi/teams/vcp.jsp

Free tools, research and upcoming events
http://labs.idefense.com

X. LEGAL NOTICES

Copyright (c) 2005 iDEFENSE, Inc.

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDEFENSE. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically, please
email customerservice@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct, indirect,
or consequential loss or damage arising from use of, or reliance on,
this information.
    

- 漏洞信息

19856
UW-IMAP Netmailbox Name mail_valid_net_parse_work() Function Overflow
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown Vendor Verified

- 漏洞描述

A remote overflow exists in UW-imapd. The mail_valid_net_parse_work() function in 'src/c-client/mail.c' fails to properly validate the user-supplied mailbox name resulting in a stack overflow. With a specially crafted request, a remote authenticated attacker can cause arbitrary code execution resulting in a loss of integrity.

- 时间线

2005-10-04 2005-09-15
Unknow 2005-12-13

- 解决方案

Upgrade to version imap-2004g or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

University Of Washington IMAP Mailbox Name Buffer Overflow Vulnerability
Boundary Condition Error 15009
Yes No
2005-10-04 12:00:00 2006-12-15 10:53:00
Discovery is credited to infamous41md@hotpop.com.

- 受影响的程序版本

University of Washington imap 2004f
University of Washington imap 2004e
University of Washington imap 2004d
University of Washington imap 2004c
University of Washington imap 2004b
University of Washington imap 2004a
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
University of Washington imap 2004
University of Washington imap 2002e
University of Washington imap 2002d
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
University of Washington imap 2002c
University of Washington imap 2002b
University of Washington imap 2002
University of Washington imap 2001a
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SuSE SUSE Linux Enterprise Server 7
+ Linux kernel 2.4.19
Slackware Linux 10.2
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
Slackware Linux -current
SGI ProPack 3.0 SP6
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Office Server
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Novell Linux Desktop 1.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Professional 7.3
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Openexchange Server
S.u.S.E. Linux Office Server
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server for S/390
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux Database Server 0
S.u.S.E. Linux Connectivity Server
S.u.S.E. LINUX 9.1 Personal Edition CD-ROM
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 8.0
RedHat Stronghold 4.0
RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core4
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Conectiva Linux 10.0
Avaya S8710 R2.0.1
Avaya S8710 R2.0.0
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya Messaging Storage Server
Avaya Message Networking
Avaya Intuity LX
Avaya Interactive Response
Avaya Integrated Management
Avaya CVLAN
Avaya Converged Communications Server 2.0
University of Washington imap 2004g

- 不受影响的程序版本

University of Washington imap 2004g

- 漏洞讨论

University of Washington IMAP is prone to a buffer-overflow vulnerability. This issue is exposed when the application parses mailbox names.

If successful, an attacker may execute arbitrary code in the context of the server process. Note that to exploit this issue, the attacker must first authenticate to the service.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com

- 解决方案

Please see the referenced advisories for more information.


University of Washington imap 2002b

University of Washington imap 2004a

University of Washington imap 2004e

University of Washington imap 2004

University of Washington imap 2004c

University of Washington imap 2002d

University of Washington imap 2004f

Slackware Linux 10.0

Slackware Linux 10.1

Slackware Linux 10.2

Slackware Linux 8.1

Slackware Linux 9.0

Slackware Linux 9.1

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站