Executive Summary

Summary
Title cyrus-imapd security update
Informations
Name RHSA-2005:408 First vendor Publication 2005-05-17
Vendor RedHat Last vendor Modification 2005-05-17
Severity (Vendor) Moderate Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated cyrus-imapd packages that fix several buffer overflow security issues are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The cyrus-imapd package contains the core of the Cyrus IMAP server.

Several buffer overflow bugs were found in cyrus-imapd. It is possible that an authenticated malicious user could cause the imap server to crash. Additionally, a peer news admin could potentially execute arbitrary code on the imap server when news is received using the fetchnews command. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0546 to this issue.

Users of cyrus-imapd are advised to upgrade to these updated packages, which contain cyrus-imapd version 2.2.12 to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/cyrus-imapd-2.2.12-3.RHEL4.1.src.rpm 4b3fa71b394dbd0e8c87a29c5a56b286 cyrus-imapd-2.2.12-3.RHEL4.1.src.rpm

i386: 68c478ca17ecb402c8d6044a08fbbf97 cyrus-imapd-2.2.12-3.RHEL4.1.i386.rpm b0e73a633a3f420cb7c1b3201bbb6ab4 cyrus-imapd-devel-2.2.12-3.RHEL4.1.i386.rpm 0b417a838fde38c48e118bbae7adb5de cyrus-imapd-murder-2.2.12-3.RHEL4.1.i386.rpm 60d37f09e9b5db67a90b26d899eef10e cyrus-imapd-nntp-2.2.12-3.RHEL4.1.i386.rpm 125973b27ff9c214fdcade6adfbbab4c cyrus-imapd-utils-2.2.12-3.RHEL4.1.i386.rpm adf11c07b7572a803fba0694b10a9bf3 perl-Cyrus-2.2.12-3.RHEL4.1.i386.rpm

ia64: 47e38551bf642b9f3c950e4d73014963 cyrus-imapd-2.2.12-3.RHEL4.1.ia64.rpm 4c7ca20e0b41290767236bc7cebced40 cyrus-imapd-devel-2.2.12-3.RHEL4.1.ia64.rpm 892adc82d6b337d5b838de06b31f6005 cyrus-imapd-murder-2.2.12-3.RHEL4.1.ia64.rpm 2d15fe37eaa0e6e82294b2fb4448824c cyrus-imapd-nntp-2.2.12-3.RHEL4.1.ia64.rpm e7d894fce5d9dfe8f17fcdbbd80280ee cyrus-imapd-utils-2.2.12-3.RHEL4.1.ia64.rpm 0d5ce4154308b7ad7796c9517c1b6fcd perl-Cyrus-2.2.12-3.RHEL4.1.ia64.rpm

ppc: 0cf0e912e3d10a013f875ca75f6ed117 cyrus-imapd-2.2.12-3.RHEL4.1.ppc.rpm 76e6a47a7b15caf6bdf770d8c8e9ceb2 cyrus-imapd-devel-2.2.12-3.RHEL4.1.ppc.rpm c70639b4245a12ccc5d7d81cbe8a8262 cyrus-imapd-murder-2.2.12-3.RHEL4.1.ppc.rpm 9aa309aef2579944259cb7ffe8245488 cyrus-imapd-nntp-2.2.12-3.RHEL4.1.ppc.rpm f1c85a497a0e80e1ceaa146b2e78a742 cyrus-imapd-utils-2.2.12-3.RHEL4.1.ppc.rpm cc16c62094b302d9411f3be1ee38ab09 perl-Cyrus-2.2.12-3.RHEL4.1.ppc.rpm

s390: f7dc2f55144bb5f4fc608811f80323a0 cyrus-imapd-2.2.12-3.RHEL4.1.s390.rpm f1b97671e20f3af01272f848b42f254e cyrus-imapd-devel-2.2.12-3.RHEL4.1.s390.rpm 00103a5a070125fd21b8e474bf321ec1 cyrus-imapd-murder-2.2.12-3.RHEL4.1.s390.rpm e49e2d04a077d8f7478eb0f0d43fe91e cyrus-imapd-nntp-2.2.12-3.RHEL4.1.s390.rpm 0918d048e49457ece8c2e772a0ff2a2b cyrus-imapd-utils-2.2.12-3.RHEL4.1.s390.rpm 9dcb24d38c2bc3f5506a742e526f2ebc perl-Cyrus-2.2.12-3.RHEL4.1.s390.rpm

s390x: 45b6b8d9c21885c76263dc59b3b8e612 cyrus-imapd-2.2.12-3.RHEL4.1.s390x.rpm 624f870b32646960b4b02b0b38395f0c cyrus-imapd-devel-2.2.12-3.RHEL4.1.s390x.rpm 3785bb0f2410fbecdd19b0c4d006ad19 cyrus-imapd-murder-2.2.12-3.RHEL4.1.s390x.rpm 3b5acbdc0b46d079e033ecb1c7f5702c cyrus-imapd-nntp-2.2.12-3.RHEL4.1.s390x.rpm 27a4e0d1eb725896dad32f01bd29ed58 cyrus-imapd-utils-2.2.12-3.RHEL4.1.s390x.rpm 2f229a87ffcf945db5fece6ef5f1882b perl-Cyrus-2.2.12-3.RHEL4.1.s390x.rpm

x86_64: 66c83d5825b3487300365d4d5d6f65f9 cyrus-imapd-2.2.12-3.RHEL4.1.x86_64.rpm bae570996e911c09e130cfafbd006ae7 cyrus-imapd-devel-2.2.12-3.RHEL4.1.x86_64.rpm a665893a93037f024419f31b0647d684 cyrus-imapd-murder-2.2.12-3.RHEL4.1.x86_64.rpm 723ffd10890a8c6ca91496a3d0f66511 cyrus-imapd-nntp-2.2.12-3.RHEL4.1.x86_64.rpm 03b502fd34bc8a1c3bcfcc4d7b987dfb cyrus-imapd-utils-2.2.12-3.RHEL4.1.x86_64.rpm f785bfaab819a7fba7ecee0313c85dba perl-Cyrus-2.2.12-3.RHEL4.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/cyrus-imapd-2.2.12-3.RHEL4.1.src.rpm 4b3fa71b394dbd0e8c87a29c5a56b286 cyrus-imapd-2.2.12-3.RHEL4.1.src.rpm

i386: 68c478ca17ecb402c8d6044a08fbbf97 cyrus-imapd-2.2.12-3.RHEL4.1.i386.rpm b0e73a633a3f420cb7c1b3201bbb6ab4 cyrus-imapd-devel-2.2.12-3.RHEL4.1.i386.rpm 0b417a838fde38c48e118bbae7adb5de cyrus-imapd-murder-2.2.12-3.RHEL4.1.i386.rpm 60d37f09e9b5db67a90b26d899eef10e cyrus-imapd-nntp-2.2.12-3.RHEL4.1.i386.rpm 125973b27ff9c214fdcade6adfbbab4c cyrus-imapd-utils-2.2.12-3.RHEL4.1.i386.rpm adf11c07b7572a803fba0694b10a9bf3 perl-Cyrus-2.2.12-3.RHEL4.1.i386.rpm

x86_64: 66c83d5825b3487300365d4d5d6f65f9 cyrus-imapd-2.2.12-3.RHEL4.1.x86_64.rpm bae570996e911c09e130cfafbd006ae7 cyrus-imapd-devel-2.2.12-3.RHEL4.1.x86_64.rpm a665893a93037f024419f31b0647d684 cyrus-imapd-murder-2.2.12-3.RHEL4.1.x86_64.rpm 723ffd10890a8c6ca91496a3d0f66511 cyrus-imapd-nntp-2.2.12-3.RHEL4.1.x86_64.rpm 03b502fd34bc8a1c3bcfcc4d7b987dfb cyrus-imapd-utils-2.2.12-3.RHEL4.1.x86_64.rpm f785bfaab819a7fba7ecee0313c85dba perl-Cyrus-2.2.12-3.RHEL4.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/cyrus-imapd-2.2.12-3.RHEL4.1.src.rpm 4b3fa71b394dbd0e8c87a29c5a56b286 cyrus-imapd-2.2.12-3.RHEL4.1.src.rpm

i386: 68c478ca17ecb402c8d6044a08fbbf97 cyrus-imapd-2.2.12-3.RHEL4.1.i386.rpm b0e73a633a3f420cb7c1b3201bbb6ab4 cyrus-imapd-devel-2.2.12-3.RHEL4.1.i386.rpm 0b417a838fde38c48e118bbae7adb5de cyrus-imapd-murder-2.2.12-3.RHEL4.1.i386.rpm 60d37f09e9b5db67a90b26d899eef10e cyrus-imapd-nntp-2.2.12-3.RHEL4.1.i386.rpm 125973b27ff9c214fdcade6adfbbab4c cyrus-imapd-utils-2.2.12-3.RHEL4.1.i386.rpm adf11c07b7572a803fba0694b10a9bf3 perl-Cyrus-2.2.12-3.RHEL4.1.i386.rpm

ia64: 47e38551bf642b9f3c950e4d73014963 cyrus-imapd-2.2.12-3.RHEL4.1.ia64.rpm 4c7ca20e0b41290767236bc7cebced40 cyrus-imapd-devel-2.2.12-3.RHEL4.1.ia64.rpm 892adc82d6b337d5b838de06b31f6005 cyrus-imapd-murder-2.2.12-3.RHEL4.1.ia64.rpm 2d15fe37eaa0e6e82294b2fb4448824c cyrus-imapd-nntp-2.2.12-3.RHEL4.1.ia64.rpm e7d894fce5d9dfe8f17fcdbbd80280ee cyrus-imapd-utils-2.2.12-3.RHEL4.1.ia64.rpm 0d5ce4154308b7ad7796c9517c1b6fcd perl-Cyrus-2.2.12-3.RHEL4.1.ia64.rpm

x86_64: 66c83d5825b3487300365d4d5d6f65f9 cyrus-imapd-2.2.12-3.RHEL4.1.x86_64.rpm bae570996e911c09e130cfafbd006ae7 cyrus-imapd-devel-2.2.12-3.RHEL4.1.x86_64.rpm a665893a93037f024419f31b0647d684 cyrus-imapd-murder-2.2.12-3.RHEL4.1.x86_64.rpm 723ffd10890a8c6ca91496a3d0f66511 cyrus-imapd-nntp-2.2.12-3.RHEL4.1.x86_64.rpm 03b502fd34bc8a1c3bcfcc4d7b987dfb cyrus-imapd-utils-2.2.12-3.RHEL4.1.x86_64.rpm f785bfaab819a7fba7ecee0313c85dba perl-Cyrus-2.2.12-3.RHEL4.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/cyrus-imapd-2.2.12-3.RHEL4.1.src.rpm 4b3fa71b394dbd0e8c87a29c5a56b286 cyrus-imapd-2.2.12-3.RHEL4.1.src.rpm

i386: 68c478ca17ecb402c8d6044a08fbbf97 cyrus-imapd-2.2.12-3.RHEL4.1.i386.rpm b0e73a633a3f420cb7c1b3201bbb6ab4 cyrus-imapd-devel-2.2.12-3.RHEL4.1.i386.rpm 0b417a838fde38c48e118bbae7adb5de cyrus-imapd-murder-2.2.12-3.RHEL4.1.i386.rpm 60d37f09e9b5db67a90b26d899eef10e cyrus-imapd-nntp-2.2.12-3.RHEL4.1.i386.rpm 125973b27ff9c214fdcade6adfbbab4c cyrus-imapd-utils-2.2.12-3.RHEL4.1.i386.rpm adf11c07b7572a803fba0694b10a9bf3 perl-Cyrus-2.2.12-3.RHEL4.1.i386.rpm

ia64: 47e38551bf642b9f3c950e4d73014963 cyrus-imapd-2.2.12-3.RHEL4.1.ia64.rpm 4c7ca20e0b41290767236bc7cebced40 cyrus-imapd-devel-2.2.12-3.RHEL4.1.ia64.rpm 892adc82d6b337d5b838de06b31f6005 cyrus-imapd-murder-2.2.12-3.RHEL4.1.ia64.rpm 2d15fe37eaa0e6e82294b2fb4448824c cyrus-imapd-nntp-2.2.12-3.RHEL4.1.ia64.rpm e7d894fce5d9dfe8f17fcdbbd80280ee cyrus-imapd-utils-2.2.12-3.RHEL4.1.ia64.rpm 0d5ce4154308b7ad7796c9517c1b6fcd perl-Cyrus-2.2.12-3.RHEL4.1.ia64.rpm

x86_64: 66c83d5825b3487300365d4d5d6f65f9 cyrus-imapd-2.2.12-3.RHEL4.1.x86_64.rpm bae570996e911c09e130cfafbd006ae7 cyrus-imapd-devel-2.2.12-3.RHEL4.1.x86_64.rpm a665893a93037f024419f31b0647d684 cyrus-imapd-murder-2.2.12-3.RHEL4.1.x86_64.rpm 723ffd10890a8c6ca91496a3d0f66511 cyrus-imapd-nntp-2.2.12-3.RHEL4.1.x86_64.rpm 03b502fd34bc8a1c3bcfcc4d7b987dfb cyrus-imapd-utils-2.2.12-3.RHEL4.1.x86_64.rpm f785bfaab819a7fba7ecee0313c85dba perl-Cyrus-2.2.12-3.RHEL4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2005-408.html

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10674
 
Oval ID: oval:org.mitre.oval:def:10674
Title: Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.
Description: Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.
Family: unix Class: vulnerability
Reference(s): CVE-2005-0546
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 5

OpenVAS Exploits

Date Description
2008-09-24 Name : Gentoo Security Advisory GLSA 200502-29 (cyrus-imapd)
File : nvt/glsa_200502_29.nasl
2008-09-04 Name : FreeBSD Ports: cyrus-imapd
File : nvt/freebsd_cyrus-imapd.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
14093 Cyrus IMAP Server Long Filename Overflow
14092 Cyrus IMAP Server Backend Overflow
14091 Cyrus IMAP Server fetchnews Overflow
14090 Cyrus IMAP Server Annotate Extension Function Overflow
14089 Cyrus IMAP Server Mailbox Handling Overflow

Nessus® Vulnerability Scanner

Date Description
2012-09-24 Name : The remote Fedora Core host is missing a security update.
File : fedora_2005-339.nasl - Type : ACT_GATHER_INFO
2006-07-05 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2005-408.nasl - Type : ACT_GATHER_INFO
2006-01-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-87-1.nasl - Type : ACT_GATHER_INFO
2005-07-13 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_b2d248ad88f611d9aa180001020eed82.nasl - Type : ACT_GATHER_INFO
2005-05-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-408.nasl - Type : ACT_GATHER_INFO
2005-03-06 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2005-051.nasl - Type : ACT_GATHER_INFO
2005-02-24 Name : The remote IMAP server is affected by multiple buffer overflow issues.
File : cyrus_imap_multiple_vulnerabilities.nasl - Type : ACT_GATHER_INFO
2005-02-23 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200502-29.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:49:20
  • Multiple Updates