From security@guardiandigital.com Fri Jun 7 18:03:41 2002 From: EnGarde Secure Linux X-Sender: security@mastermind.inside.guardiandigital.com To: engarde-security@guardiandigital.com, bugtraq@securityfocus.com Date: Fri, 7 Jun 2002 10:16:55 -0400 (EDT) Subject: [ESA-20020607-013] Remote buffer overflow in imap daemon -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +------------------------------------------------------------------------+ | EnGarde Secure Linux Security Advisory June 07, 2002 | | http://www.engardelinux.org/ ESA-20020607-013 | | | | Package: imap | | Summary: Remote buffer overflow in imap daemon. | +------------------------------------------------------------------------+ EnGarde Secure Linux is a secure distribution of Linux that features improved access control, host and network intrusion detection, Web based secure remote management, complete e-commerce using AllCommerce, and integrated open source security tools. OVERVIEW - -------- There is a buffer overflow vulnerability in imap which can allow a remote, authenticated user to execute commands as the user under which imapd is running. DETAIL - ------ Marcell Fodor discovered a buffer overflow condition in the imap daemon from the University of Washington. An authenticated user could send a malformed request to trigger the overflow and execute commands as the users UID/GID. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0379 to this issue. SOLUTION - -------- Users of the EnGarde Professional edition can use the Guardian Digital Secure Network to update their systems automatically. EnGarde Community users should upgrade to the most recent version as outlined in this advisory. Updates may be obtained from: ftp://ftp.engardelinux.org/pub/engarde/stable/updates/ http://ftp.engardelinux.org/pub/engarde/stable/updates/ Before upgrading the package, the machine must either: a) be booted into a "standard" kernel; or b) have LIDS disabled. To disable LIDS, execute the command: # /sbin/lidsadm -S -- -LIDS_GLOBAL To install the updated package, execute the command: # rpm -Uvh file You must now update the LIDS configuration by executing the command: # /usr/sbin/config_lids.pl To re-enable LIDS (if it was disabled), execute the command: # /sbin/lidsadm -S -- +LIDS_GLOBAL To verify the signatures of the updated packages, execute the command: # rpm -Kv file UPDATED PACKAGES - ---------------- These updated packages are for EnGarde Secure Linux Community Edition. Source Packages: SRPMS/imap-2000c-1.0.23.src.rpm MD5 Sum: 0092526c93d8dbb0d52617f413f08116 Binary Packages: i386/imap-2000c-1.0.23.i386.rpm MD5 Sum: abb2189c4168ef80dc7a1884af3bac05 i386/imap-2000c-1.0.23.i686.rpm MD5 Sum: 3c6b50e75b8f09ebe5e97b71e94117d5 REFERENCES - ---------- Guardian Digital's public key: http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY Credit for the discovery of this bug goes to: Marcell Fodor UW IMAP's Official Web Site: http://www.washington.edu/imap/ Security Contact: security@guardiandigital.com EnGarde Advisories: http://www.engardelinux.org/advisories.html - -------------------------------------------------------------------------- $Id: ESA-20020607-013-imap,v 1.1 2002/06/07 14:00:00 rwm Exp $ - -------------------------------------------------------------------------- Author: Ryan W. Maple, Copyright 2002, Guardian Digital, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9AMBeHD5cqd57fu0RAoqeAKCdOB5+l/ji+sgGOd8q1GfqBQnScACcDhxX SIh5AMut+Gal6dY3pnLGOiM= =lD8d -----END PGP SIGNATURE-----