Login
Newsletter
Werbung

Sicherheit: Pufferüberläufe in imap
Aktuelle Meldungen Distributionen
Name: Pufferüberläufe in imap
ID: TLSA-2009-8
Distribution: TurboLinux
Plattformen: Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 11 Server x64 Edition, Turbolinux 11 Server, Turbolinux Appliance Server 3.0, Turbolinux Appliance Server 3.0 x64 Edition
Datum: Do, 12. März 2009, 03:50
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5005
Applikationen: GNU Mailutils

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2009-8
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 11 Mar 2009
Last revised: 11 Mar 2009

Package: imap

Summary: Multiple stack-based buffer overflows

More information:
The imap package provides server daemons for both IMAP (Internet Message
Access Protocol) and POP (Post Office Protocol) mail access protocols.

Multiple stack-based buffer overflows in (1) University of Washington IMAP
Toolkit 2002
through 2007c, (2) University of Washington Alpine 2.00 and earlier, and
(3) Panda IMAP
allow (a) local users to gain privileges by specifying a long folder
extension argument
on the command line to the tmail or dmail program; and (b) remote attackers
to execute
arbitrary code by sending e-mail to a destination mailbox name composed of
a username
and '+' character followed by a long string, processed by the tmail
or possibly dmail program. (CVE-2008-5005)

Affected Products:
- Turbolinux Appliance Server 3.0 x64 Edition
- Turbolinux Appliance Server 3.0
- Turbolinux 11 Server x64 Edition
- Turbolinux 11 Server
- Turbolinux Appliance Server 2.0
- Turbolinux 10 Server x64 Edition
- Turbolinux 10 Server


<Turbolinux Appliance Server 3.0 x64 Edition>

Source Packages
Size: MD5

imap-2006j2-8.src.rpm
2536339 7fce12602de0024133f2fb0c3a65f3bf

Binary Packages
Size: MD5

imap-2006j2-8.x86_64.rpm
732845 f3ace353a0655ab2d3a5bf1c43bdebe8
imap-devel-2006j2-8.x86_64.rpm
643039 847b1ae35d364f563c7f5598df2c9708
imap-utils-2006j2-8.x86_64.rpm
52018 8cdbcbe298bffba856cfdea5aea82932

<Turbolinux Appliance Server 3.0>

Source Packages
Size: MD5

imap-2006j2-8.src.rpm
2536339 7fce12602de0024133f2fb0c3a65f3bf

Binary Packages
Size: MD5

imap-2006j2-8.i686.rpm
710021 9403a82149e01ef2077928875e562677
imap-devel-2006j2-8.i686.rpm
594290 295227b5a921a2ea2219ca2f9fc3fc2f
imap-utils-2006j2-8.i686.rpm
48791 d0989b1b6e20ab8b4568af533a25e8a1

<Turbolinux 11 Server x64 Edition>

Source Packages
Size: MD5

imap-2006j2-8.src.rpm
2536339 7fce12602de0024133f2fb0c3a65f3bf

Binary Packages
Size: MD5

imap-2006j2-8.x86_64.rpm
732646 e5c0e0b111f6a624142631d23e2b4469
imap-devel-2006j2-8.x86_64.rpm
643293 9b53b6ef5f487f764696bf3b9cb34509
imap-utils-2006j2-8.x86_64.rpm
52026 fc442704f3e932a7ebed3eb613dcee53

<Turbolinux 11 Server>

Source Packages
Size: MD5

imap-2006j2-8.src.rpm
2536339 7fce12602de0024133f2fb0c3a65f3bf

Binary Packages
Size: MD5

imap-2006j2-8.i686.rpm
709685 acca3dcca2a0e875eb22e17872911574
imap-devel-2006j2-8.i686.rpm
594624 3de860b3b1eee80f234eee696cb12864
imap-utils-2006j2-8.i686.rpm
48815 2e6820867db089ed29a404ec930d9f35

<Turbolinux Appliance Server 2.0>

Source Packages
Size: MD5

imap-2004a-8.src.rpm
2162858 8459b9cb66adf47cd225e7a5cfe9b344

Binary Packages
Size: MD5

imap-2004a-8.i586.rpm
1916332 4a6d414c0aa3b4d79530fadb6df49cdf
imap-devel-2004a-8.i586.rpm
748145 2d4b1337744f3a1d79e57e8e45d8af7b

<Turbolinux 10 Server x64 Edition>

Source Packages
Size: MD5

imap-2004a-8.src.rpm
2162858 3b955309cf4ef1268b1adb363d0c98e1

Binary Packages
Size: MD5

imap-2004a-8.x86_64.rpm
2046410 47bb2e58d5bde14bb88a4ea1c602a12a
imap-debug-2004a-8.x86_64.rpm
1295585 5bd6f18039411108d87e4cae87e1650f
imap-devel-2004a-8.x86_64.rpm
754817 0a0a2a622c4ba0ec29eace86a5b0b5bb

<Turbolinux 10 Server>

Source Packages
Size: MD5

imap-2004a-8.src.rpm
2162858 8459b9cb66adf47cd225e7a5cfe9b344

Binary Packages
Size: MD5

imap-2004a-8.i586.rpm
1916332 4a6d414c0aa3b4d79530fadb6df49cdf
imap-debug-2004a-8.i586.rpm
1319932 508f14507dde965ce167c3656e4d0e8a
imap-devel-2004a-8.i586.rpm
748145 2d4b1337744f3a1d79e57e8e45d8af7b


References:

CVE
[CVE-2008-5005]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5005

--------------------------------------------------------------------------
Revision History
11 Mar 2009 Initial release
--------------------------------------------------------------------------

Copyright(C) 2009 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)

iEYEARECAAYFAkm3QN8ACgkQK0LzjOqIJMxu4gCfQ4iQBTZkhzyWXLUiYChhSR8B
IqkAoKCKx3x55q1JEtnizAfHFSjhSq55
=h1Bt
-----END PGP SIGNATURE-----
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung