EnGarde Secure Linux Advisory: imap

47
EnGarde: “There is a buffer overflow vulnerability in imap which can allow a remote, authenticated user to execute commands as the user under which
imapd is running.”


+------------------------------------------------------------------------+
| EnGarde Secure Linux Security Advisory                   June 07, 2002 |
| http://www.engardelinux.org/                          ESA-20020607-013 |
|                                                                        |
| Package:  imap                                                         |
| Summary:  Remote buffer overflow in imap daemon.                       |
+------------------------------------------------------------------------+

  EnGarde Secure Linux is a secure distribution of Linux that features
  improved access control, host and network intrusion detection, Web
  based secure remote management, complete e-commerce using AllCommerce,
  and integrated open source security tools.

OVERVIEW
- --------
  There is a buffer overflow vulnerability in imap which can allow a
  remote, authenticated user to execute commands as the user under which
  imapd is running.

DETAIL
- ------
  Marcell Fodor discovered a buffer overflow condition in the imap
  daemon from the University of Washington.  An authenticated user could
  send a malformed request to trigger the overflow and execute commands
  as the users UID/GID.

  The Common Vulnerabilities and Exposures project (cve.mitre.org/) has
  assigned the name CAN-2002-0379 to this issue.

SOLUTION
- --------
  Users of the EnGarde Professional edition can use the Guardian Digital
  Secure Network to update their systems automatically.

  EnGarde Community users should upgrade to the most recent version
  as outlined in this advisory.  Updates may be obtained from:

    ftp://ftp.engardelinux.org/pub/engarde/stable/updates/http://ftp.engardelinux.org/pub/engarde/stable/updates/

  Before upgrading the package, the machine must either:

    a) be booted into a "standard" kernel; or
    b) have LIDS disabled.

  To disable LIDS, execute the command:

    # /sbin/lidsadm -S -- -LIDS_GLOBAL

  To install the updated package, execute the command:

    # rpm -Uvh file

  You must now update the LIDS configuration by executing the command:

    # /usr/sbin/config_lids.pl

  To re-enable LIDS (if it was disabled), execute the command:

    # /sbin/lidsadm -S -- +LIDS_GLOBAL

  To verify the signatures of the updated packages, execute the command:

    # rpm -Kv file

UPDATED PACKAGES
- ----------------
  These updated packages are for EnGarde Secure Linux Community
  Edition.

  Source Packages:

    SRPMS/imap-2000c-1.0.23.src.rpm
      MD5 Sum: 0092526c93d8dbb0d52617f413f08116

  Binary Packages:

    i386/imap-2000c-1.0.23.i386.rpm
      MD5 Sum: abb2189c4168ef80dc7a1884af3bac05

    i386/imap-2000c-1.0.23.i686.rpm
      MD5 Sum: 3c6b50e75b8f09ebe5e97b71e94117d5

REFERENCES
- ----------
  Guardian Digital's public key:
    http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY

  Credit for the discovery of this bug goes to:
    Marcell Fodor <m.fodor@mail.datanet.hu>

  UW IMAP's Official Web Site:
    http://www.washington.edu/imap/

  Security Contact:    security@guardiandigital.com
  EnGarde Advisories:  http://www.engardelinux.org/advisories.html

- --------------------------------------------------------------------------
$Id: ESA-20020607-013-imap,v 1.1 2002/06/07 14:00:00 rwm Exp $
- --------------------------------------------------------------------------
Author: Ryan W. Maple, <ryan@guardiandigital.com> 
Copyright 2002, Guardian Digital, Inc.

------------------------------------------------------------------------
     To unsubscribe email engarde-security-request@engardelinux.org
         with "unsubscribe" in the subject of the message.

Copyright(c) 2001 Guardian Digital, Inc.                EnGardeLinux.org
------------------------------------------------------------------------