Gentoo Archives: gentoo-announce

From: Raphael Marichez <falco@g.o>
To: gentoo-announce@g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200704-18 ] Courier-IMAP: Remote execution of arbitrary code
Date: Sun, 22 Apr 2007 21:39:37
Message-Id: 20070422211836.GG31875@falco.falcal.net
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 200704-18
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: High
8 Title: Courier-IMAP: Remote execution of arbitrary code
9 Date: April 22, 2007
10 Bugs: #168196
11 ID: 200704-18
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 A vulnerability has been discovered in Courier-IMAP allowing for remote
19 code execution with root privileges.
20
21 Background
22 ==========
23
24 Courier-IMAP is an IMAP server which is part of the Courier mail
25 system. It provides access only to maildirs.
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 net-mail/courier-imap < 4.0.6-r2 >= 4.0.6-r2
34
35 Description
36 ===========
37
38 CJ Kucera has discovered that some Courier-IMAP scripts don't properly
39 handle the XMAILDIR variable, allowing for shell command injection.
40
41 Impact
42 ======
43
44 A remote attacker could send specially crafted login credentials to a
45 Courier-IMAP server instance, possibly leading to remote code execution
46 with root privileges.
47
48 Workaround
49 ==========
50
51 There is no known workaround at this time.
52
53 Resolution
54 ==========
55
56 All Courier-IMAP users should upgrade to the latest version:
57
58 # emerge --sync
59 # emerge --ask --oneshot --verbose ">=net-mail/courier-imap-4.0.6-r2"
60
61 Availability
62 ============
63
64 This GLSA and any updates to it are available for viewing at
65 the Gentoo Security Website:
66
67 http://security.gentoo.org/glsa/glsa-200704-18.xml
68
69 Concerns?
70 =========
71
72 Security is a primary focus of Gentoo Linux and ensuring the
73 confidentiality and security of our users machines is of utmost
74 importance to us. Any security concerns should be addressed to
75 security@g.o or alternatively, you may file a bug at
76 http://bugs.gentoo.org.
77
78 License
79 =======
80
81 Copyright 2007 Gentoo Foundation, Inc; referenced text
82 belongs to its owner(s).
83
84 The contents of this document are licensed under the
85 Creative Commons - Attribution / Share Alike license.
86
87 http://creativecommons.org/licenses/by-sa/2.5