Risks
Advisories
Browse
or
or
Red Hat Security Advisory - Buffer overflow in UW imap daemon
--------------------------------------------------------------------- 
                   Red Hat, Inc. Red Hat Security Advisory 


Synopsis: Buffer overflow in UW imap daemon 
Advisory ID: RHSA-2002:092-11 
Issue date: 2002-05-16 
Updated on: 2002-05-22 
Product: Red Hat Linux 
Keywords: UW imap buffer overflow wu-imap uw-imap 
Cross references: 
Obsoletes: RHBA-2001:120 
CVE Names: CAN-2002-0379 
--------------------------------------------------------------------- 


1. Topic: 


The UW imap daemon contains a buffer overflow which allows a 
logged in, remote user to execute commands on the server 
with the user's UID/GID. 


2. Relevant releases/architectures: 


Red Hat Linux 6.2 - alpha, i386, sparc 


Red Hat Linux 7.0 - alpha, i386 


Red Hat Linux 7.1 - alpha, i386, ia64 


Red Hat Linux 7.2 - i386, ia64 


3. Problem description: 


UW imapd is an IMAP daemon from the University of Washington. Version 
2000c and previous versions have a bug that allows a malicious user to 
construct a malformed request which overflows an internal buffer, enabling 
that user to execute commands on the server with the user's UID/GID. 


To exploit this problem the user has to have successfully authenticated to 
the imapd service. Therefore, this vulnerability mainly affects free email 
providers or mail servers where the user has no shell access to the system. 
On other systems, in which the user already has shell access, users can 
already run commands under their own UIDs/GIDs. 


The Common Vulnerabilities and Exposures project (cve.mitre.org) has 
assigned the name CAN-2002-0379 to this issue. 


Users of imapd are advised to upgrade to these errata packages containing 
version 2001a of imapd. They are not vulnerable to this issue. 


4. Solution: 


Before applying this update, make sure all previously released errata 
relevant to your system have been applied. 


To update all RPMs for your particular architecture, run: 


rpm -Fvh [filenames] 


where [filenames] is a list of the RPMs you wish to upgrade. Only those 
RPMs which are currently installed will be updated. Those RPMs which are 
not installed but included in the list will not be updated. Note that you 
can also use wildcards (*.rpm) if your current directory *only* contains the 
desired RPMs. 


Please note that this update is also available via Red Hat Network. Many 
people find this an easier way to apply updates. To use Red Hat Network, 
launch the Red Hat Update Agent with the following command: 


up2date 


This will start an interactive process that will result in the appropriate 
RPMs being upgraded on your system. 


5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info): 




6. RPMs required: 


Red Hat Linux 6.2: 


SRPMS: 
ftp://updates.redhat.com/6.2/en/os/SRPMS/imap-2001a-1.62.0.src.rpm 


alpha: 
ftp://updates.redhat.com/6.2/en/os/alpha/imap-2001a-1.62.0.alpha.rpm 
ftp://updates.redhat.com/6.2/en/os/alpha/imap-devel-2001a-1.62.0.alpha.rpm 


i386: 
ftp://updates.redhat.com/6.2/en/os/i386/imap-2001a-1.62.0.i386.rpm 
ftp://updates.redhat.com/6.2/en/os/i386/imap-devel-2001a-1.62.0.i386.rpm 


sparc: 
ftp://updates.redhat.com/6.2/en/os/sparc/imap-2001a-1.62.0.sparc.rpm 
ftp://updates.redhat.com/6.2/en/os/sparc/imap-devel-2001a-1.62.0.sparc.rpm 


Red Hat Linux 7.0: 


SRPMS: 
ftp://updates.redhat.com/7.0/en/os/SRPMS/imap-2001a-1.70.0.src.rpm 


alpha: 
ftp://updates.redhat.com/7.0/en/os/alpha/imap-2001a-1.70.0.alpha.rpm 
ftp://updates.redhat.com/7.0/en/os/alpha/imap-devel-2001a-1.70.0.alpha.rpm 


i386: 
ftp://updates.redhat.com/7.0/en/os/i386/imap-2001a-1.70.0.i386.rpm 
ftp://updates.redhat.com/7.0/en/os/i386/imap-devel-2001a-1.70.0.i386.rpm 


Red Hat Linux 7.1: 


SRPMS: 
ftp://updates.redhat.com/7.1/en/os/SRPMS/imap-2001a-1.71.0.src.rpm 


alpha: 
ftp://updates.redhat.com/7.1/en/os/alpha/imap-2001a-1.71.0.alpha.rpm 
ftp://updates.redhat.com/7.1/en/os/alpha/imap-devel-2001a-1.71.0.alpha.rpm 


i386: 
ftp://updates.redhat.com/7.1/en/os/i386/imap-2001a-1.71.0.i386.rpm 
ftp://updates.redhat.com/7.1/en/os/i386/imap-devel-2001a-1.71.0.i386.rpm 


ia64: 
ftp://updates.redhat.com/7.1/en/os/ia64/imap-2001a-1.71.0.ia64.rpm 
ftp://updates.redhat.com/7.1/en/os/ia64/imap-devel-2001a-1.71.0.ia64.rpm 


Red Hat Linux 7.2: 


SRPMS: 
ftp://updates.redhat.com/7.2/en/os/SRPMS/imap-2001a-1.72.0.src.rpm 


i386: 
ftp://updates.redhat.com/7.2/en/os/i386/imap-2001a-1.72.0.i386.rpm 
ftp://updates.redhat.com/7.2/en/os/i386/imap-devel-2001a-1.72.0.i386.rpm 


ia64: 
ftp://updates.redhat.com/7.2/en/os/ia64/imap-2001a-1.72.0.ia64.rpm 
ftp://updates.redhat.com/7.2/en/os/ia64/imap-devel-2001a-1.72.0.ia64.rpm 




7. Verification: 


MD5 sum Package Name 
-------------------------------------------------------------------------- 
ec7794a80981a579ded00e27a416e9e2 6.2/en/os/SRPMS/imap-2001a-1.62.0.src.rpm 
98c89c190f6276474917b51112d43b60 6.2/en/os/alpha/imap-2001a-1.62.0.alpha.rpm 
62e846b2c6dbe71ecd64063a8ddef179 6.2/en/os/alpha/imap-devel-2001a-1.62.0.alpha.rpm 
105073a5d5d9cca998c16c4784432612 6.2/en/os/i386/imap-2001a-1.62.0.i386.rpm 
18307141223c8214a996fc779fc4b30f 6.2/en/os/i386/imap-devel-2001a-1.62.0.i386.rpm 
c11e86178eac2def6c7f2680d72d4362 6.2/en/os/sparc/imap-2001a-1.62.0.sparc.rpm 
0e82318b401d12f641e74afaac29b26a 6.2/en/os/sparc/imap-devel-2001a-1.62.0.sparc.rpm 
c99646d934c056062269927d68c083cb 7.0/en/os/SRPMS/imap-2001a-1.70.0.src.rpm 
c1a44a312e0ff6ddce84ab9fce8661ce 7.0/en/os/alpha/imap-2001a-1.70.0.alpha.rpm 
01240d7f239848f76671135932745480 7.0/en/os/alpha/imap-devel-2001a-1.70.0.alpha.rpm 
6f775661a7cf3320fed6954bb6fc5319 7.0/en/os/i386/imap-2001a-1.70.0.i386.rpm 
e3ee6086addf447fc7cdf257f0489d1a 7.0/en/os/i386/imap-devel-2001a-1.70.0.i386.rpm 
924b63ae2c8029355a08b3001d59cbb5 7.1/en/os/SRPMS/imap-2001a-1.71.0.src.rpm 
e3acdfb3224d30c75e9971655de7a4e1 7.1/en/os/alpha/imap-2001a-1.71.0.alpha.rpm 
9b2e89d31f7bcbb95c674972d64e8813 7.1/en/os/alpha/imap-devel-2001a-1.71.0.alpha.rpm 
dd5d21b6e461813bdeddc16a6b41b285 7.1/en/os/i386/imap-2001a-1.71.0.i386.rpm 
2d3140dfe10396bd20d04bd79b57f647 7.1/en/os/i386/imap-devel-2001a-1.71.0.i386.rpm 
5649a1d3c1d8d950c5a0272ba65faec5 7.1/en/os/ia64/imap-2001a-1.71.0.ia64.rpm 
7232061442f47e063a193d8982d12f52 7.1/en/os/ia64/imap-devel-2001a-1.71.0.ia64.rpm 
ee249743bacd07adf36b355c78066f73 7.2/en/os/SRPMS/imap-2001a-1.72.0.src.rpm 
d2d9a10cb6c8faed062da4f21d8fb7e5 7.2/en/os/i386/imap-2001a-1.72.0.i386.rpm 
21feec5a469ff71e706173199ffc3856 7.2/en/os/i386/imap-devel-2001a-1.72.0.i386.rpm 
0247d2d090596fe2b892dd6768036d7c 7.2/en/os/ia64/imap-2001a-1.72.0.ia64.rpm 
456511a67ebda4e8a73af782388a97ab 7.2/en/os/ia64/imap-devel-2001a-1.72.0.ia64.rpm 
  


These packages are GPG signed by Red Hat, Inc. for security. Our key 
is available at: 
    http://www.redhat.com/about/contact/pgpkey.html 


You can verify each package with the following command: 
    rpm --checksig <filename> 


If you only wish to verify that each package has not been corrupted or 
tampered with, examine only the md5sum with the following command: 
    rpm --checksig --nogpg <filename> 


8. References: 


http://marc.theaimsgroup.com/?l=bugtraq&m=102107222100529 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0379 




Copyright(c) 2000, 2001, 2002 Red Hat, Inc. 




Spotlight

Leveraging network intelligence and deep packet inspection

Posted on 26 November 2014.  |  Tomer Saban, CEO of WireX Systems, talks about how deep packet inspection helps with identifying emerging threats, the role of network intelligence, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Nov 28th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //