Date: Fri, 7 Jun 2002 10:16:55 -0400 (EDT)
From: EnGarde Secure Linux <security@guardiandigital.com>
To: engarde-security@guardiandigital.com, bugtraq@securityfocus.com
Subject: [ESA-20020607-013] Remote buffer overflow in imap daemon
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
+------------------------------------------------------------------------+
| EnGarde Secure Linux Security Advisory June 07, 2002 |
| http://www.engardelinux.org/ ESA-20020607-013 |
| |
| Package: imap |
| Summary: Remote buffer overflow in imap daemon. |
+------------------------------------------------------------------------+
EnGarde Secure Linux is a secure distribution of Linux that features
improved access control, host and network intrusion detection, Web
based secure remote management, complete e-commerce using AllCommerce,
and integrated open source security tools.
OVERVIEW
- --------
There is a buffer overflow vulnerability in imap which can allow a
remote, authenticated user to execute commands as the user under which
imapd is running.
DETAIL
- ------
Marcell Fodor discovered a buffer overflow condition in the imap
daemon from the University of Washington. An authenticated user could
send a malformed request to trigger the overflow and execute commands
as the users UID/GID.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0379 to this issue.
SOLUTION
- --------
Users of the EnGarde Professional edition can use the Guardian Digital
Secure Network to update their systems automatically.
EnGarde Community users should upgrade to the most recent version
as outlined in this advisory. Updates may be obtained from:
ftp://ftp.engardelinux.org/pub/engarde/stable/updates/http://ftp.engardelinux.org/pub/engarde/stable/updates/
Before upgrading the package, the machine must either:
a) be booted into a "standard" kernel; or
b) have LIDS disabled.
To disable LIDS, execute the command:
# /sbin/lidsadm -S -- -LIDS_GLOBAL
To install the updated package, execute the command:
# rpm -Uvh file
You must now update the LIDS configuration by executing the command:
# /usr/sbin/config_lids.pl
To re-enable LIDS (if it was disabled), execute the command:
# /sbin/lidsadm -S -- +LIDS_GLOBAL
To verify the signatures of the updated packages, execute the command:
# rpm -Kv file
UPDATED PACKAGES
- ----------------
These updated packages are for EnGarde Secure Linux Community
Edition.
Source Packages:
SRPMS/imap-2000c-1.0.23.src.rpm
MD5 Sum: 0092526c93d8dbb0d52617f413f08116
Binary Packages:
i386/imap-2000c-1.0.23.i386.rpm
MD5 Sum: abb2189c4168ef80dc7a1884af3bac05
i386/imap-2000c-1.0.23.i686.rpm
MD5 Sum: 3c6b50e75b8f09ebe5e97b71e94117d5
REFERENCES
- ----------
Guardian Digital's public key:
http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY
Credit for the discovery of this bug goes to:
Marcell Fodor <m.fodor@mail.datanet.hu>
UW IMAP's Official Web Site:
http://www.washington.edu/imap/
Security Contact: security@guardiandigital.com
EnGarde Advisories: http://www.engardelinux.org/advisories.html
- --------------------------------------------------------------------------
$Id: ESA-20020607-013-imap,v 1.1 2002/06/07 14:00:00 rwm Exp $
- --------------------------------------------------------------------------
Author: Ryan W. Maple, <ryan@guardiandigital.com>
Copyright 2002, Guardian Digital, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9AMBeHD5cqd57fu0RAoqeAKCdOB5+l/ji+sgGOd8q1GfqBQnScACcDhxX
SIh5AMut+Gal6dY3pnLGOiM=
=lD8d
-----END PGP SIGNATURE-----
