Gentoo Archives: gentoo-announce

From: Thierry Carrez <koon@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200505-20 ] Mailutils: Multiple vulnerabilities in imap4d and mail
Date: Fri, 27 May 2005 11:31:34
Message-Id: 42970512.1020801@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200505-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Mailutils: Multiple vulnerabilities in imap4d and mail
      Date: May 27, 2005
      Bugs: #94053
        ID: 200505-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The imap4d server and the mail utility from GNU Mailutils contain
multiple vulnerabilities, potentially allowing a remote attacker to
execute arbitrary code with root privileges.

Background
==========

GNU Mailutils is a collection of mail-related utilities, including an
IMAP4 server (imap4d) and a Mail User Agent (mail).

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  net-mail/mailutils      < 0.6-r1                        >= 0.6-r1

Description
===========

infamous41d discovered several vulnerabilities in GNU Mailutils. imap4d
does not correctly implement formatted printing of command tags
(CAN-2005-1523), fails to validate the range sequence of the "FETCH"
command (CAN-2005-1522), and contains an integer overflow in the
"fetch_io" routine (CAN-2005-1521). mail contains a buffer overflow in
"header_get_field_name()" (CAN-2005-1520).

Impact
======

A remote attacker can exploit the format string and integer overflow in
imap4d to execute arbitrary code as the imap4d user, which is usually
root. By sending a specially crafted email message, a remote attacker
could exploit the buffer overflow in the "mail" utility to execute
arbitrary code with the rights of the user running mail. Finally, a
remote attacker can also trigger a Denial of Service by sending a
malicious FETCH command to an affected imap4d, causing excessive
resource consumption.

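Added example (not part of the original advisory, and not GNU Mailutils
code): the defensive pattern for the format string class named above for
command tags (CAN-2005-1523). The tag is checked against the RFC 3501 tag
grammar and is only ever passed as an argument to a literal format; the
names imap_tag_is_valid and imap_format_reply are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* RFC 3501: tag = 1*<any ASTRING-CHAR except "+">. This excludes CTLs, SP,
 * 8-bit bytes and ( ) { % * " \ +, so a conforming tag cannot contain a
 * printf conversion such as "%x" or "%n". */
int imap_tag_is_valid(const char *tag)
{
    size_t i;
    if (tag == NULL || tag[0] == '\0')
        return 0;
    for (i = 0; tag[i] != '\0'; i++) {
        unsigned char c = (unsigned char)tag[i];
        if (c <= 0x20 || c >= 0x7f || strchr("(){%*\"\\+", c) != NULL)
            return 0;
    }
    return 1;
}

/* Hypothetical reply builder: writes "<tag> <status> <text>\r\n" into out.
 * The format string is always a literal and the client-supplied tag is only
 * ever an argument to "%s". The defect class is the reverse, passing client
 * bytes as the format itself, e.g. snprintf(out, outlen, tag).
 * A malformed tag is not echoed; an untagged BAD is produced instead.
 * Returns the reply length, or -1 if it does not fit in out. */
int imap_format_reply(char *out, size_t outlen, const char *tag,
                      const char *status, const char *text)
{
    int n;

    if (imap_tag_is_valid(tag))
        n = snprintf(out, outlen, "%s %s %s\r\n", tag, status, text);
    else
        n = snprintf(out, outlen, "* BAD Invalid tag\r\n");
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return n;
}

int main(void)
{
    char buf[128];
    /* Constructed sample tags: one conforming, one carrying conversions. */
    if (imap_format_reply(buf, sizeof buf, "a001", "OK", "FETCH completed") > 0)
        fputs(buf, stdout);
    if (imap_format_reply(buf, sizeof buf, "%x%x%n", "OK", "FETCH completed") > 0)
        fputs(buf, stdout);
    return 0;
}
```
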
Workaround
==========

There are no known workarounds at this time.

Resolution
==========

All GNU Mailutils users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-mail/mailutils-0.6-r1"

References
==========

  [ 1 ] CAN-2005-1520
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1520
  [ 2 ] CAN-2005-1521
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1521
  [ 3 ] CAN-2005-1522
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1522
  [ 4 ] CAN-2005-1523
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1523
  [ 5 ] iDEFENSE 05.25.05 advisories
        http://www.idefense.com/application/poi/display?type=vulnerabilities&showYear=2005

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200505-20.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Attachments

File name MIME type
signature.asc application/pgp-signature