Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.51388
Category:Conectiva Local Security Checks
Title:Conectiva Security Advisory CLA-2004:904
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory CLA-2004:904.

cyrus-imapd[1] is an IMAP and POP3 mail server with several advanced
features such as SASL authentication, server-side mail filtering,
mailbox ACLs and others.

Stefan Esser from e-matters security recently published[2] several
vulnerabilities in cyrus-imapd:

(if not mentioned otherwise, all vulnerabilities affect both
Conectiva Linux 9 and 10)

1. imapmagicplus buffer overflow (CVE-2004-1011)[3]
If the imapmagicplus option is enabled in the server's
configuration file, then the LOGIN and PROXY commands can be abused
to cause a buffer overflow, allowing remote unauthenticated attackers
to execute arbitrary code as the cyrus user.

Later on it has been found that the proxyd service also suffered[6]
(CVE-2004-1015) from the same problem.

Conectiva Linux 9 is not affected by these vulnerabilities.


2. PARTIAL command vulnerability (CVE-2004-1012)[4]
The PARTIAL command parser has a vulnerability which would allow
authenticated users to cause a memory corruption and possibly execute
arbitrary code as the cyrus user.


3. FETCH command vulnerability (CVE-2004-1013)[5]
The FETCH command parser has a vulnerability which would allow
authenticated users to cause a memory corruption and possibly execute
arbitrary code as the cyrus user.


All these vulnerabilities have been fixed upstream with new versions
of cyrus-imapd: 2.2.10 for the 2.2.x branch and 2.1.17 for the 2.1.x
branch.

Below are additional changes in our RPM packages:
- for CL10: SNMP support has been removed. It needs a newer net-snmp
library than the one that is currently being shipped

- for CL10: the script which attempts to convert the imapd.conf
configuration file from 2.1.x to the 2.2.x format has been fixed.
Previously it would mangle TLS directives

- for CL9: the init script has been fixed to allow GSSAPI
authentication and also to restart the server if it was already
running

- for CL9: the cyrus-imapd package now explicitly conflicts with
uw-imap-server and uw-pop-server.


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:904
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-1011
Bugtraq: 20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=110123023521619&w=2
http://security.gentoo.org/glsa/glsa-200411-34.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:139
http://security.e-matters.de/advisories/152004.html
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143
http://secunia.com/advisories/13274/
XForce ISS Database: cyrus-imap-username-bo(18198)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18198
Common Vulnerability Exposure (CVE) ID: CVE-2004-1015
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=145
XForce ISS Database: cyrus-magic-plus-bo(18274)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18274
Common Vulnerability Exposure (CVE) ID: CVE-2004-1012
Debian Security Information: DSA-597 (Google Search)
http://www.debian.org/security/2004/dsa-597
https://www.ubuntu.com/usn/usn-31-1/
XForce ISS Database: cyrus-imap-commands-execute-code(18199)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18199
Common Vulnerability Exposure (CVE) ID: CVE-2004-1013
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.