Bug 109381 - mail-mta/xmail: security update + init script forgets to copy resolve libs
Bug#: 109381 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: major Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: quinox_san_@hotmail.com
Component: Vulnerabilities
URL: 
Summary: mail-mta/xmail: security update + init script forgets to copy resolve libs
Keywords:  
Status Whiteboard: B1 [glsa]
Opened: 2005-10-15 10:06 0000
Description:   Opened: 2005-10-15 10:06 0000 
After upgrading packages on my system the XMail server didn't download pop3link
mail any more - in debug mode it would print messages like this:

<<
ErrCode   = -40
ErrString = Invalid server address
ErrInfo   = ***.homelinux.net
[PSYNC/MASQ] MasqDomain = "qtea.nl,qtea.nl" - RmtDomain = "***.homelinux.net" -
RmtName = "quinox" Failed !
>>

After some testing I found out that wget had the same problem in the chrooted
directory, and after some googling I found
http://blog.gmane.org/gmane.comp.apache.mod-security.user/day=20040711 . Copying
those 3 files mentioned in that post:

libnss_dns.so.2
libnss_files.so.2
libresolv.so.2

to the /chroot/xmail/lib directory fixed my problem.

ATM the init script copies all libs mentioned in ldd XMail - The resolve libs
are not listed there. IMO these will have to be copied by the init.d script too
before starting XMail

PS: 

XMail 1.22 has been released a few days ago and isn't in portage yet - it has a
security update to fix a buffer overflow with the local sendmail prog
(CAN-2005-2943):

http://www.xmailserver.org/ChangeLog.html#oct_12__2005_v_1_22
http://www.idefense.com/application/poi/display?id=321&type=vulnerabilities


Reproducible: Always
Steps to Reproduce:
1.
2.
3.

------- Comment #1 From Ceesjan Luiten 2005-12-10 03:36:30 0000 ------- 
Noone ? It is kind of bad if we leave an exploitable version of a mail server
in
portage for this long :/

------- Comment #2 From Andrea Barisani (RETIRED) 2005-12-10 04:00:43 0000 ------- 
1.22 is masked in the tree (wait a few minutes for mirrors to pick it up),
could
you please test it and see if it works for you so that I can remove the vuln
package and have the sec team issuing a GLSA?

(Moving to Security)

------- Comment #3 From Ceesjan Luiten 2005-12-10 05:10:39 0000 ------- 
It compiles without any problems and it runs fine :)

------- Comment #4 From Thierry Carrez (RETIRED) 2005-12-11 10:01:06 0000 ------- 
x86 or maintainer can go ahead and mark stable

------- Comment #5 From Thierry Carrez (RETIRED) 2005-12-12 07:23:57 0000 ------- 
CVE-2005-2943
Local exploitation of a buffer overflow vulnerability in XMail, as
distributed with multiple vendors' operating systems, allows local
attackers to execute arbitrary code with elevated privileges.

------- Comment #6 From Thierry Carrez (RETIRED) 2005-12-14 09:52:40 0000 ------- 
GLSA 200512-05