发布日期：2004-12-02
更新日期：2004-12-03

受影响系统：

Carnegie Mellon University Cyrus IMAP Server 2.1.16

描述：

---

BUGTRAQ  ID: 11738
CVE(CAN) ID: CVE-2004-1067

Cyrus IMAPD是一款免费开放源代码Interactive Mail Access Protocol (IMAP)协议实现，可使用在Unix和Linux操作系统下。

Cyrus IMAPD服务程序的SASL验证模块存在缓冲区溢出，远程攻击者可以利用这个漏洞以服务进程权限在系统上执行任意指令。

问题存在于mysasl_canon_user()函数中存在单字节对比错误，可导致确实用户名字符串终止符。漏洞允许远程攻击者提交精心构建数据以'cyrus'进程权限在系统上执行任意指令。

<*来源：Martin Pitt （martin.pitt@canonical.com）
  
  链接：http://marc.theaimsgroup.com/?l=bugtraq&m=110202757008916&w=2
*>

建议：

---

厂商补丁：

Carnegie Mellon University
--------------------------
升级程序下载：

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-imapd_2.1.16-6 \
ubuntu0.2.diff.gz  Size/MD5:   235236 7a90d7ad4ac770160a9891e9d1d78fa4
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-imapd_2.1.16-6 \
ubuntu0.2.dsc  Size/MD5:     1040 927bcc3f3f6d5ebd89ed6ca0eb6bf10a
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-imapd_2.1.16.o \
rig.tar.gz  Size/MD5:  1687454 8f4ff803a910d0f4e4cfab3b13a6080d

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-admin_2.1.16-6 \
ubuntu0.2_all.deb  Size/MD5:    87954 6a67d53239fb148a652e645a4df8eee9
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-doc_2.1.16-6ub \
untu0.2_all.deb  Size/MD5:   206582 5b01c7f365e9fd6244f9ac6fda53d841

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-clients_2.1.16 \
-6ubuntu0.2_amd64.deb  Size/MD5:   107038 80491bb2019d48d4af743584865d5916
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-common_2.1.16- \
6ubuntu0.2_amd64.deb  Size/MD5:  2071536 49858ca6b1f98ba862121315e182049c
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-dev_2.1.16-6ub \
untu0.2_amd64.deb  Size/MD5:   267956 c23cdf07ed433032e1e52aff0650f3b8
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-imapd_2.1.16-6 \
ubuntu0.2_amd64.deb  Size/MD5:   591188 714d7a5ced1f53009de48c11c3e5b0be
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-murder_2.1.16- \
6ubuntu0.2_amd64.deb  Size/MD5:   526740 522a06302593cabe6aff587fb6c41665
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-pop3d_2.1.16-6 \
ubuntu0.2_amd64.deb  Size/MD5:    93082 3416c83c2a7bed58f11cae29c4a3a984
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/libcyrus-imap-perl21_2 \
.1.16-6ubuntu0.2_amd64.deb  Size/MD5:   137756 2feafe3b400c06132f98a9c05f6308c7

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-clients_2.1.16 \
-6ubuntu0.2_i386.deb  Size/MD5:   104226 280b89486ec13768ba04636484415ae5
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-common_2.1.16- \
6ubuntu0.2_i386.deb  Size/MD5:  1949446 b4d113e62f7ce2345d66e351bb4a0a26
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-dev_2.1.16-6ub \
untu0.2_i386.deb  Size/MD5:   261402 86e186b7567dbb4c1f2983cf8ee39c0d
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-imapd_2.1.16-6 \
ubuntu0.2_i386.deb  Size/MD5:   561750 b79b30937be975264a9b3c04997c2148
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-murder_2.1.16- \
6ubuntu0.2_i386.deb  Size/MD5:   493320 02d235391908f72dceb60ab585e4c817
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-pop3d_2.1.16-6 \
ubuntu0.2_i386.deb  Size/MD5:    85208 31690f0e200890b893b33121b1000950
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/libcyrus-imap-perl21_2 \
.1.16-6ubuntu0.2_i386.deb  Size/MD5:   133822 b3a297c32a6d11e18a6f90c3ccf92bb7

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-clients_2.1.16 \
-6ubuntu0.2_powerpc.deb  Size/MD5:   106846 0ab7eaa810591f3689ae81ba44f0ab6f
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-common_2.1.16- \
6ubuntu0.2_powerpc.deb  Size/MD5:  2083576 743b5aa1f54b05e4d22de593640286f0
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-dev_2.1.16-6ub \
untu0.2_powerpc.deb  Size/MD5:   265432 c2bfc27fcf9653b0d4bfdae990119e6e
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-imapd_2.1.16-6 \
ubuntu0.2_powerpc.deb  Size/MD5:   593504 c228969eb062341bc5fab1b01731f1f0
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-murder_2.1.16- \
6ubuntu0.2_powerpc.deb  Size/MD5:   527666 c3bbf1358235ac4edd8e7b884ccbc15f
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-pop3d_2.1.16-6 \
ubuntu0.2_powerpc.deb  Size/MD5:    93268 212df47e59c3b55021ba24527c1430b1
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/libcyrus-imap-perl21_2 \
.1.16-6ubuntu0.2_powerpc.deb  Size/MD5:   135804 f862a4e9a5aaf934193221325b4fdc02

浏览次数：3526
严重程度：0（网友投票）