Conectiva Local Security Checks : Conectiva Security Advisory CLA-2004:904

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.51388

Category: Conectiva Local Security Checks

Title: Conectiva Security Advisory CLA-2004:904

Summary: NOSUMMARY

Description: Description:

The remote host is missing updates announced in
advisory CLA-2004:904.

cyrus-imapd[1] is an IMAP and POP3 mail server with several advanced
features such as SASL authentication, server-side mail filtering,
mailbox ACLs and others.

Stefan Esser from e-matters security recently published[2] several
vulnerabilities in cyrus-imapd:

(if not mentioned otherwise, all vulnerabilities affect both
Conectiva Linux 9 and 10)

1. imapmagicplus buffer overflow (CVE-2004-1011)[3]
If the imapmagicplus option is enabled in the server's
configuration file, then the LOGIN and PROXY commands can be abused
to cause a buffer overflow, allowing remote unauthenticated attackers
to execute arbitrary code as the cyrus user.

Later on it has been found that the proxyd service also suffered[6]
(CVE-2004-1015) from the same problem.

Conectiva Linux 9 is not affected by these vulnerabilities.

2. PARTIAL command vulnerability (CVE-2004-1012)[4]
The PARTIAL command parser has a vulnerability which would allow
authenticated users to cause a memory corruption and possibly execute
arbitrary code as the cyrus user.

3. FETCH command vulnerability (CVE-2004-1013)[5]
The FETCH command parser has a vulnerability which would allow
authenticated users to cause a memory corruption and possibly execute
arbitrary code as the cyrus user.

All these vulnerabilities have been fixed upstream with new versions
of cyrus-imapd: 2.2.10 for the 2.2.x branch and 2.1.17 for the 2.1.x
branch.

Below are additional changes in our RPM packages:
- for CL10: SNMP support has been removed. It needs a newer net-snmp
library than the one that is currently being shipped

- for CL10: the script which attempts to convert the imapd.conf
configuration file from 2.1.x to the 2.2.x format has been fixed.
Previously it would mangle TLS directives

- for CL9: the init script has been fixed to allow GSSAPI
authentication and also to restart the server if it was already
running

- for CL9: the cyrus-imapd package now explicitly conflicts with
uw-imap-server and uw-pop-server.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:904
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-1011
Bugtraq: 20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=110123023521619&w=2
http://security.gentoo.org/glsa/glsa-200411-34.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:139
http://security.e-matters.de/advisories/152004.html
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143
http://secunia.com/advisories/13274/
XForce ISS Database: cyrus-imap-username-bo(18198)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18198
Common Vulnerability Exposure (CVE) ID: CVE-2004-1015
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=145
XForce ISS Database: cyrus-magic-plus-bo(18274)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18274
Common Vulnerability Exposure (CVE) ID: CVE-2004-1012
Debian Security Information: DSA-597 (Google Search)
http://www.debian.org/security/2004/dsa-597
https://www.ubuntu.com/usn/usn-31-1/
XForce ISS Database: cyrus-imap-commands-execute-code(18199)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18199
Common Vulnerability Exposure (CVE) ID: CVE-2004-1013

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.51388
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2004:904
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory CLA-2004:904. cyrus-imapd[1] is an IMAP and POP3 mail server with several advanced features such as SASL authentication, server-side mail filtering, mailbox ACLs and others. Stefan Esser from e-matters security recently published[2] several vulnerabilities in cyrus-imapd: (if not mentioned otherwise, all vulnerabilities affect both Conectiva Linux 9 and 10) 1. imapmagicplus buffer overflow (CVE-2004-1011)[3] If the imapmagicplus option is enabled in the server's configuration file, then the LOGIN and PROXY commands can be abused to cause a buffer overflow, allowing remote unauthenticated attackers to execute arbitrary code as the cyrus user. Later on it has been found that the proxyd service also suffered[6] (CVE-2004-1015) from the same problem. Conectiva Linux 9 is not affected by these vulnerabilities. 2. PARTIAL command vulnerability (CVE-2004-1012)[4] The PARTIAL command parser has a vulnerability which would allow authenticated users to cause a memory corruption and possibly execute arbitrary code as the cyrus user. 3. FETCH command vulnerability (CVE-2004-1013)[5] The FETCH command parser has a vulnerability which would allow authenticated users to cause a memory corruption and possibly execute arbitrary code as the cyrus user. All these vulnerabilities have been fixed upstream with new versions of cyrus-imapd: 2.2.10 for the 2.2.x branch and 2.1.17 for the 2.1.x branch. Below are additional changes in our RPM packages: - for CL10: SNMP support has been removed. It needs a newer net-snmp library than the one that is currently being shipped - for CL10: the script which attempts to convert the imapd.conf configuration file from 2.1.x to the 2.2.x format has been fixed. Previously it would mangle TLS directives - for CL9: the init script has been fixed to allow GSSAPI authentication and also to restart the server if it was already running - for CL9: the cyrus-imapd package now explicitly conflicts with uw-imap-server and uw-pop-server. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:904 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1011 Bugtraq: 20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=110123023521619&w=2 http://security.gentoo.org/glsa/glsa-200411-34.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:139 http://security.e-matters.de/advisories/152004.html http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143 http://secunia.com/advisories/13274/ XForce ISS Database: cyrus-imap-username-bo(18198) https://exchange.xforce.ibmcloud.com/vulnerabilities/18198 Common Vulnerability Exposure (CVE) ID: CVE-2004-1015 http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=145 XForce ISS Database: cyrus-magic-plus-bo(18274) https://exchange.xforce.ibmcloud.com/vulnerabilities/18274 Common Vulnerability Exposure (CVE) ID: CVE-2004-1012 Debian Security Information: DSA-597 (Google Search) http://www.debian.org/security/2004/dsa-597 https://www.ubuntu.com/usn/usn-31-1/ XForce ISS Database: cyrus-imap-commands-execute-code(18199) https://exchange.xforce.ibmcloud.com/vulnerabilities/18199 Common Vulnerability Exposure (CVE) ID: CVE-2004-1013
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com