安全研究
安全漏洞
Cyrus21-imapd远程缓冲区溢出漏洞
发布日期:2004-12-02
更新日期:2004-12-03
受影响系统:
Carnegie Mellon University Cyrus IMAP Server 2.1.16描述:
BUGTRAQ ID: 11738
CVE(CAN) ID: CVE-2004-1067
Cyrus IMAPD是一款免费开放源代码Interactive Mail Access Protocol (IMAP)协议实现,可使用在Unix和Linux操作系统下。
Cyrus IMAPD服务程序的SASL验证模块存在缓冲区溢出,远程攻击者可以利用这个漏洞以服务进程权限在系统上执行任意指令。
问题存在于mysasl_canon_user()函数中存在单字节对比错误,可导致确实用户名字符串终止符。漏洞允许远程攻击者提交精心构建数据以'cyrus'进程权限在系统上执行任意指令。
<*来源:Martin Pitt (martin.pitt@canonical.com)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=110202757008916&w=2
*>
建议:
厂商补丁:
Carnegie Mellon University
--------------------------
升级程序下载:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-imapd_2.1.16-6 \
ubuntu0.2.diff.gz Size/MD5: 235236 7a90d7ad4ac770160a9891e9d1d78fa4
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-imapd_2.1.16-6 \
ubuntu0.2.dsc Size/MD5: 1040 927bcc3f3f6d5ebd89ed6ca0eb6bf10a
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-imapd_2.1.16.o \
rig.tar.gz Size/MD5: 1687454 8f4ff803a910d0f4e4cfab3b13a6080d
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-admin_2.1.16-6 \
ubuntu0.2_all.deb Size/MD5: 87954 6a67d53239fb148a652e645a4df8eee9
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-doc_2.1.16-6ub \
untu0.2_all.deb Size/MD5: 206582 5b01c7f365e9fd6244f9ac6fda53d841
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-clients_2.1.16 \
-6ubuntu0.2_amd64.deb Size/MD5: 107038 80491bb2019d48d4af743584865d5916
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-common_2.1.16- \
6ubuntu0.2_amd64.deb Size/MD5: 2071536 49858ca6b1f98ba862121315e182049c
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-dev_2.1.16-6ub \
untu0.2_amd64.deb Size/MD5: 267956 c23cdf07ed433032e1e52aff0650f3b8
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-imapd_2.1.16-6 \
ubuntu0.2_amd64.deb Size/MD5: 591188 714d7a5ced1f53009de48c11c3e5b0be
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-murder_2.1.16- \
6ubuntu0.2_amd64.deb Size/MD5: 526740 522a06302593cabe6aff587fb6c41665
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-pop3d_2.1.16-6 \
ubuntu0.2_amd64.deb Size/MD5: 93082 3416c83c2a7bed58f11cae29c4a3a984
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/libcyrus-imap-perl21_2 \
.1.16-6ubuntu0.2_amd64.deb Size/MD5: 137756 2feafe3b400c06132f98a9c05f6308c7
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-clients_2.1.16 \
-6ubuntu0.2_i386.deb Size/MD5: 104226 280b89486ec13768ba04636484415ae5
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-common_2.1.16- \
6ubuntu0.2_i386.deb Size/MD5: 1949446 b4d113e62f7ce2345d66e351bb4a0a26
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-dev_2.1.16-6ub \
untu0.2_i386.deb Size/MD5: 261402 86e186b7567dbb4c1f2983cf8ee39c0d
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-imapd_2.1.16-6 \
ubuntu0.2_i386.deb Size/MD5: 561750 b79b30937be975264a9b3c04997c2148
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-murder_2.1.16- \
6ubuntu0.2_i386.deb Size/MD5: 493320 02d235391908f72dceb60ab585e4c817
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-pop3d_2.1.16-6 \
ubuntu0.2_i386.deb Size/MD5: 85208 31690f0e200890b893b33121b1000950
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/libcyrus-imap-perl21_2 \
.1.16-6ubuntu0.2_i386.deb Size/MD5: 133822 b3a297c32a6d11e18a6f90c3ccf92bb7
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-clients_2.1.16 \
-6ubuntu0.2_powerpc.deb Size/MD5: 106846 0ab7eaa810591f3689ae81ba44f0ab6f
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-common_2.1.16- \
6ubuntu0.2_powerpc.deb Size/MD5: 2083576 743b5aa1f54b05e4d22de593640286f0
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-dev_2.1.16-6ub \
untu0.2_powerpc.deb Size/MD5: 265432 c2bfc27fcf9653b0d4bfdae990119e6e
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-imapd_2.1.16-6 \
ubuntu0.2_powerpc.deb Size/MD5: 593504 c228969eb062341bc5fab1b01731f1f0
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-murder_2.1.16- \
6ubuntu0.2_powerpc.deb Size/MD5: 527666 c3bbf1358235ac4edd8e7b884ccbc15f
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-pop3d_2.1.16-6 \
ubuntu0.2_powerpc.deb Size/MD5: 93268 212df47e59c3b55021ba24527c1430b1
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/libcyrus-imap-perl21_2 \
.1.16-6ubuntu0.2_powerpc.deb Size/MD5: 135804 f862a4e9a5aaf934193221325b4fdc02
浏览次数:3601
严重程度:0(网友投票)
绿盟科技给您安全的保障