Test ID: 1.3.6.1.4.1.25623.1.0.51388
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2004:904
Summary: NOSUMMARY
Description: The remote host is missing updates announced in advisory CLA-2004:904.

cyrus-imapd[1] is an IMAP and POP3 mail server with several advanced features such as SASL authentication, server-side mail filtering, mailbox ACLs and others.

Stefan Esser from e-matters security recently published[2] several vulnerabilities in cyrus-imapd (unless noted otherwise, all of them affect both Conectiva Linux 9 and 10):

1. imapmagicplus buffer overflow (CVE-2004-1011)[3]
If the imapmagicplus option is enabled in the server's configuration file, the LOGIN and PROXY commands can be abused to cause a buffer overflow, allowing remote unauthenticated attackers to execute arbitrary code as the cyrus user. It was later found that the proxyd service suffers[6] from the same problem (CVE-2004-1015). Conectiva Linux 9 is not affected by these two vulnerabilities.

2. PARTIAL command vulnerability (CVE-2004-1012)[4]
The PARTIAL command parser has a vulnerability that allows authenticated users to cause memory corruption and possibly execute arbitrary code as the cyrus user.

3. FETCH command vulnerability (CVE-2004-1013)[5]
The FETCH command parser has a vulnerability that allows authenticated users to cause memory corruption and possibly execute arbitrary code as the cyrus user.

All these vulnerabilities have been fixed upstream in new versions of cyrus-imapd: 2.2.10 for the 2.2.x branch and 2.1.17 for the 2.1.x branch. Additional changes in the Conectiva RPM packages:
- CL10: SNMP support has been removed; it requires a newer net-snmp library than the one currently shipped.
- CL10: the script that converts the imapd.conf configuration file from the 2.1.x to the 2.2.x format has been fixed; previously it mangled TLS directives.
- CL9: the init script has been fixed to allow GSSAPI authentication and to restart the server if it was already running.
- CL9: the cyrus-imapd package now explicitly conflicts with uw-imap-server and uw-pop-server.

Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade'.
http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:904
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004

Risk factor: Critical
CVSS Score: 10.0
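The advisory separates two conditions a practitioner would want to check: whether the running cyrus-imapd is older than the fixed release for its branch (2.1.17 or 2.2.10), and whether the imapmagicplus option is enabled, since only that setting exposes the unauthenticated LOGIN/PROXY overflows (CVE-2004-1011, CVE-2004-1015). The following Python is an added example, not code from the securityspace page or from Conectiva's advisory: it extracts the version from a Cyrus IMAP greeting and scans imapd.conf text for imapmagicplus. The sample banner and configuration are constructed, and the set of boolean spellings treated as "enabled" is an assumption about Cyrus's switch parsing.

```python
import re

# Fixed upstream releases named in CLA-2004:904, keyed by (major, minor) branch.
FIXED_BY_BRANCH = {
    (2, 1): (2, 1, 17),
    (2, 2): (2, 2, 10),
}

# CVEs that apply to any unpatched server (authenticated attacker).
ALWAYS_CVES = ("CVE-2004-1012", "CVE-2004-1013")
# CVEs that additionally require imapmagicplus (unauthenticated attacker).
MAGICPLUS_CVES = ("CVE-2004-1011", "CVE-2004-1015")

# Cyrus 2.x greets with "... Cyrus IMAP4 v2.2.8 server ready"; later releases drop the "4".
BANNER_RE = re.compile(r"Cyrus IMAP4? v(\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Return (major, minor, patch) from an IMAP greeting, or None if it is not Cyrus."""
    m = BANNER_RE.search(banner)
    return tuple(int(x) for x in m.groups()) if m else None


def is_fixed(version):
    """True if `version` is at or past the fixed release for its branch.

    Branches newer than 2.2 post-date the advisory and are treated as fixed;
    branches older than 2.1 have no fixed release listed and are treated as vulnerable.
    """
    branch = version[:2]
    fixed = FIXED_BY_BRANCH.get(branch)
    if fixed is None:
        return branch > (2, 2)
    return version >= fixed


def imapmagicplus_enabled(imapd_conf):
    """Scan imapd.conf text ("option: value" lines, '#' comments) for imapmagicplus.

    Assumption: yes/no, on/off, true/false and 1/0 (or their first letter) are the
    accepted switch spellings, and a later line overrides an earlier one.
    """
    enabled = False
    for raw in imapd_conf.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        if key.strip() == "imapmagicplus":
            v = value.strip().lower()
            enabled = v[:1] in ("1", "y", "t") or v.startswith("on")
    return enabled


def assess(banner, imapd_conf):
    """Return the set of CLA-2004:904 CVEs that may apply to this banner/config pair."""
    version = parse_version(banner)
    if version is None or is_fixed(version):
        return set()
    cves = set(ALWAYS_CVES)
    if imapmagicplus_enabled(imapd_conf):
        cves.update(MAGICPLUS_CVES)
    return cves


# Constructed sample input (not captured from a real host).
SAMPLE_BANNER = "* OK mail.example.test Cyrus IMAP4 v2.2.8 server ready"
SAMPLE_CONF = """\
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
# imapmagicplus: no
imapmagicplus: yes
sasl_pwcheck_method: saslauthd
"""

if __name__ == "__main__":
    print(sorted(assess(SAMPLE_BANNER, SAMPLE_CONF)))
```

The banner check is a hint, not proof: this test is a local security check, and the package version reported by rpm on the host is the authoritative indicator because vendor packages carry backported fixes under their own version strings. The imapmagicplus branch of the check also over-reports on Conectiva Linux 9, which the advisory states is not affected by those two CVEs.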
Cross References:

CVE-2004-1011
- Bugtraq: 20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities
- http://marc.info/?l=bugtraq&m=110123023521619&w=2
- http://security.gentoo.org/glsa/glsa-200411-34.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:139
- http://security.e-matters.de/advisories/152004.html
- http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143
- http://secunia.com/advisories/13274/
- XForce ISS Database: cyrus-imap-username-bo(18198) https://exchange.xforce.ibmcloud.com/vulnerabilities/18198

CVE-2004-1015
- http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=145
- XForce ISS Database: cyrus-magic-plus-bo(18274) https://exchange.xforce.ibmcloud.com/vulnerabilities/18274

CVE-2004-1012
- Debian Security Information: DSA-597 http://www.debian.org/security/2004/dsa-597
- https://www.ubuntu.com/usn/usn-31-1/
- XForce ISS Database: cyrus-imap-commands-execute-code(18199) https://exchange.xforce.ibmcloud.com/vulnerabilities/18199

CVE-2004-1013
- (no references listed on this page)
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com