Bugtraq mailing list archives
[ GLSA 200505-20 ] Mailutils: Multiple vulnerabilities in imap4d and mail
From: Thierry Carrez <koon () gentoo org>
Date: Fri, 27 May 2005 13:31:30 +0200
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200505-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Mailutils: Multiple vulnerabilities in imap4d and mail Date: May 27, 2005 Bugs: #94053 ID: 200505-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== The imap4d server and the mail utility from GNU Mailutils contain multiple vulnerabilities, potentially allowing a remote attacker to execute arbitrary code with root privileges. Background ========== GNU Mailutils is a collection of mail-related utilities, including an IMAP4 server (imap4d) and a Mail User Agent (mail). Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-mail/mailutils < 0.6-r1 >= 0.6-r1 Description =========== infamous41d discovered several vulnerabilities in GNU Mailutils. imap4d does not correctly implement formatted printing of command tags (CAN-2005-1523), fails to validate the range sequence of the "FETCH" command (CAN-2005-1522), and contains an integer overflow in the "fetch_io" routine (CAN-2005-1521). mail contains a buffer overflow in "header_get_field_name()" (CAN-2005-1520). Impact ====== A remote attacker can exploit the format string and integer overflow in imap4d to execute arbitrary code as the imap4d user, which is usually root. By sending a specially crafted email message, a remote attacker could exploit the buffer overflow in the "mail" utility to execute arbitrary code with the rights of the user running mail. Finally, a remote attacker can also trigger a Denial of Service by sending a malicious FETCH command to an affected imap4d, causing excessive resource consumption. Workaround ========== There are no known workarounds at this time. Resolution ========== All GNU Mailutils users should upgrade to the latest available version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-mail/mailutils-0.6-r1" References ========== [ 1 ] CAN-2005-1520 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1520 [ 2 ] CAN-2005-1521 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1521 [ 3 ] CAN-2005-1522 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1522 [ 4 ] CAN-2005-1523 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1523 [ 5 ] iDEFENSE 05.25.05 advisories http://www.idefense.com/application/poi/display?type=vulnerabilities&showYear=2005 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200505-20.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security () gentoo org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.0
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- [ GLSA 200505-20 ] Mailutils: Multiple vulnerabilities in imap4d and mail Thierry Carrez (May 27)