Bug 156290 - CAN-2005-0546 multiple buffer overflows in cyrus-imapd
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: cyrus-imapd
Version: fc2
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
URL:
Whiteboard: LEGACY, 2
Depends On: 149870
Blocks:
Reported: 2005-04-28 17:06 UTC by Matthew Miller
Modified: 2007-04-18 17:24 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-04-05 00:26:05 UTC


Attachments:
Proposed FLSA-2006-156290 advisory text (deleted), 2006-04-03 00:51 UTC, David Eisenstein

Description Matthew Miller 2005-04-28 17:06:42 UTC
+++ This bug was initially created as a clone of Bug #149870 +++

+++ This bug was initially created as a clone of Bug #149869 +++

Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to
execute arbitrary code via (1) an off-by-one error in the imapd annotate
extension, (2) an off-by-one error in "cached header handling," (3) a
stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow
in imapd.


* Fix possible single byte overflow in mailbox handling code. 
* Fix possible single byte overflows in the imapd annotate extension. 
* Fix stack buffer overflows in fetchnews (exploitable by peer news
  server), backend (exploitable by admin), and in imapd (exploitable
  by users though only on platforms where a filename may be larger
  than a mailbox name).


---------------------------------------------------------------------------

This affects FC2. I don't believe FC1 or earlier included cyrus-imapd.

Comment 1 John Dennis 2005-04-28 17:19:33 UTC
I see you just added this as a blocker bug. FWIW I built the packages for FC2
and when I asked Bill for a push it was denied because FC2 is legacy. The
package is in the build system, but stuck in limbo.

Comment 2 Matthew Miller 2005-04-28 17:45:21 UTC
Oh, good to know! Do you think maybe you could pull them out of limbo and put
them somewhere we can get to?

Comment 3 Marc Deslauriers 2006-03-07 22:42:08 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated packages to QA:

1f50108ed7ef6e082da5276a685fec59a3367465  cyrus-imapd-2.2.12-1.1.fc2.1.legacy.i386.rpm
597e71df3b600854ef9a04d3dae75d1b4c81497b  cyrus-imapd-2.2.12-1.1.fc2.1.legacy.src.rpm
e8005bc789b7c46e2e78222249b8b5cf64a0686f  cyrus-imapd-devel-2.2.12-1.1.fc2.1.legacy.i386.rpm
2fa531c5d59419695f590fac8cb46807885d3eed  cyrus-imapd-murder-2.2.12-1.1.fc2.1.legacy.i386.rpm
6d62d66df1d46c1b4ec62c90ce5fb48d758df632  cyrus-imapd-nntp-2.2.12-1.1.fc2.1.legacy.i386.rpm
ffb3843dac04911b02a5e91516e7b7cd98c9ac03  cyrus-imapd-utils-2.2.12-1.1.fc2.1.legacy.i386.rpm
55e938ff829d282ee7e13dd53012f0181beb624c  perl-Cyrus-2.2.12-1.1.fc2.1.legacy.i386.rpm

http://www.infostrategique.com/linuxrpms/legacy/2/cyrus-imapd-2.2.12-1.1.fc2.1.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (GNU/Linux)

iD8DBQFEDg35LMAs/0C4zNoRAsghAKCYD83uGKEadHTEqK+y2xFpwksIvwCfTAGq
nc9R7/oypKCUx/Pwn2TnEkA=
=73Uj
-----END PGP SIGNATURE-----


Comment 4 Pekka Savola 2006-03-08 06:23:49 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
QA w/ rpm-build-compare.sh:
 - source integrity good
 - spec file changes minimal
 - no patch, but the source upgrade identical to RHEL/FC3
 
+PUBLISH FC2
 
597e71df3b600854ef9a04d3dae75d1b4c81497b  cyrus-imapd-2.2.12-1.1.fc2.1.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
 
iD8DBQFEDnmyGHbTkzxSL7QRAhdzAJ41Y4JWHDBK+m+mrGFqUBv8PxBjlwCeMKLy
T5r5g11zTifQML8tzYyZqLY=
=y3vy
-----END PGP SIGNATURE-----


Comment 5 Marc Deslauriers 2006-03-16 01:27:38 UTC
Packages were pushed to updates-testing.

Comment 6 Pekka Savola 2006-03-31 05:28:22 UTC
Timeout over.

Comment 7 David Eisenstein 2006-04-03 00:51:45 UTC
Created attachment 127218
Proposed FLSA-2006-156290 advisory text

Attached is proposed FLSA-2006-156290 advisory for release to updates.

Comment 8 Marc Deslauriers 2006-04-05 00:26:05 UTC
Packages were released to updates.

