Gentoo Archives: gentoo-announce

From: "Joshua J. Berry" <condordes@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××.com, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200408-19 ] courier-imap: Remote Format String Vulnerability
Date: Thu, 19 Aug 2004 23:27:04
Message-Id: 20040819232255.GA1139@deneb.condordes.net
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 200408-19
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: High
8 Title: courier-imap: Remote Format String Vulnerability
9 Date: August 19, 2004
10 Bugs: #60865
11 ID: 200408-19
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 There is a format string vulnerability in non-standard configurations
19 of courier-imapd which may be exploited remotely. An attacker may be
20 able to execute arbitrary code as the user running courier-imapd
21 (oftentimes root).
22
23 Background
24 ==========
25
26 Courier-IMAP is an IMAP server which is part of the Courier mail
27 system. It provides access only to maildirs.
28
29 Affected packages
30 =================
31
32 -------------------------------------------------------------------
33 Package / Vulnerable / Unaffected
34 -------------------------------------------------------------------
35 1 net-mail/courier-imap <= 3.0.2-r1 >= 3.0.5
36
37 Description
38 ===========
39
40 There is a format string vulnerability in the auth_debug() function
41 which can be exploited remotely, potentially leading to arbitrary code
42 execution as the user running the IMAP daemon (oftentimes root). A
43 remote attacker may send username or password information containing
44 printf() format tokens (such as "%s"), which will crash the server or
45 cause it to execute arbitrary code.
46
47 This vulnerability can only be exploited if DEBUG_LOGIN is set to
48 something other than 0 in the imapd config file.
49
50 Impact
51 ======
52
53 If DEBUG_LOGIN is enabled in the imapd configuration, a remote attacker
54 may execute arbitrary code as the root user.
55
56 Workaround
57 ==========
58
59 Set the DEBUG_LOGIN option in /etc/courier-imap/imapd to 0. (This is
60 the default value.)
61
62 Resolution
63 ==========
64
65 All courier-imap users should upgrade to the latest version:
66
67 # emerge sync
68
69 # emerge -pv ">=net-mail/courier-imap-3.0.5"
70 # emerge ">=net-mail/courier-imap-3.0.5"
71
72 References
73 ==========
74
75 [ 1 ] iDEFENSE Advisory
76 http://www.idefense.com/application/poi/display?id=131&type=vulnerabilities&flashstatus=true
77
78 Availability
79 ============
80
81 This GLSA and any updates to it are available for viewing at
82 the Gentoo Security Website:
83
84 http://security.gentoo.org/glsa/glsa-200408-19.xml
85
86 Concerns?
87 =========
88
89 Security is a primary focus of Gentoo Linux and ensuring the
90 confidentiality and security of our users machines is of utmost
91 importance to us. Any security concerns should be addressed to
92 security@g.o or alternatively, you may file a bug at
93 http://bugs.gentoo.org.
94
95 License
96 =======
97
98 Copyright 2004 Gentoo Foundation, Inc; referenced text
99 belongs to its owner(s).
100
101 The contents of this document are licensed under the
102 Creative Commons - Attribution / Share Alike license.
103
104 http://creativecommons.org/licenses/by-sa/1.0