[ESA-20020607-013] Remote buffer overflow in imap daemon

From: EnGarde Secure Linux (security@guardiandigital.com)
Date: 06/07/02

Date: Fri, 7 Jun 2002 10:16:55 -0400 (EDT)
From: EnGarde Secure Linux <security@guardiandigital.com>
To: engarde-security@guardiandigital.com, bugtraq@securityfocus.com

Hash: SHA1

| EnGarde Secure Linux Security Advisory June 07, 2002 |
| http://www.engardelinux.org/ ESA-20020607-013 |
| |
| Package: imap |
| Summary: Remote buffer overflow in imap daemon. |

  EnGarde Secure Linux is a secure distribution of Linux that features
  improved access control, host and network intrusion detection, Web
  based secure remote management, complete e-commerce using AllCommerce,
  and integrated open source security tools.

- --------
  There is a buffer overflow vulnerability in imap which can allow a
  remote, authenticated user to execute commands as the user under which
  imapd is running.

- ------
  Marcell Fodor discovered a buffer overflow condition in the imap
  daemon from the University of Washington. An authenticated user could
  send a malformed request to trigger the overflow and execute commands
  as the users UID/GID.

  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
  assigned the name CAN-2002-0379 to this issue.

- --------
  Users of the EnGarde Professional edition can use the Guardian Digital
  Secure Network to update their systems automatically.

  EnGarde Community users should upgrade to the most recent version
  as outlined in this advisory. Updates may be obtained from:


  Before upgrading the package, the machine must either:

    a) be booted into a "standard" kernel; or
    b) have LIDS disabled.

  To disable LIDS, execute the command:

    # /sbin/lidsadm -S -- -LIDS_GLOBAL

  To install the updated package, execute the command:

    # rpm -Uvh file

  You must now update the LIDS configuration by executing the command:

    # /usr/sbin/config_lids.pl

  To re-enable LIDS (if it was disabled), execute the command:

    # /sbin/lidsadm -S -- +LIDS_GLOBAL

  To verify the signatures of the updated packages, execute the command:

    # rpm -Kv file

- ----------------
  These updated packages are for EnGarde Secure Linux Community

  Source Packages:

      MD5 Sum: 0092526c93d8dbb0d52617f413f08116

  Binary Packages:

      MD5 Sum: abb2189c4168ef80dc7a1884af3bac05

      MD5 Sum: 3c6b50e75b8f09ebe5e97b71e94117d5

- ----------
  Guardian Digital's public key:

  Credit for the discovery of this bug goes to:
    Marcell Fodor <m.fodor@mail.datanet.hu>

  UW IMAP's Official Web Site:

  Security Contact: security@guardiandigital.com
  EnGarde Advisories: http://www.engardelinux.org/advisories.html

- --------------------------------------------------------------------------
$Id: ESA-20020607-013-imap,v 1.1 2002/06/07 14:00:00 rwm Exp $
- --------------------------------------------------------------------------
Author: Ryan W. Maple, <ryan@guardiandigital.com>
Copyright 2002, Guardian Digital, Inc.

Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org


Relevant Pages