Bug 382349 (CVE-2011-3208) - <net-mail/cyrus-imapd-2.4.11 remotely exploitable buffer overflow in nntpd (CVE-2011-3208)
Status: RESOLVED FIXED
Alias: CVE-2011-3208
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://git.cyrusimap.org/cyrus-imapd/...
Whiteboard: B1 [glsa]
Reported: 2011-09-09 07:14 UTC by Eray Aslan
Modified: 2011-10-22 04:34 UTC
Description Eray Aslan gentoo-dev 2011-09-09 07:14:43 UTC
A remotely exploitable buffer overflow flaw was found in Cyrus' nntpd.  A
malicious NNTP client would be able to exploit this to execute arbitrary code
on a vulnerable nntpd server.  If the 'allowanonymouslogin' option was set in
imapd.conf, it could be done without authentication.

Reproducible: Always
Comment 1 Eray Aslan gentoo-dev 2011-09-09 07:32:04 UTC
+*cyrus-imapd-2.4.11 (09 Sep 2011)
+
+  09 Sep 2011; Eray Aslan <eras@gentoo.org> +cyrus-imapd-2.4.11.ebuild:
+  version bump - security bug #382349
+
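Review bot: the ChangeLog line "version bump - security bug #382349" identifies the fix only by bug number. Adding the alias CVE-2011-3208 to that line would let someone reading the ChangeLog alone match the bump to the advisory.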

@security: We should stabilize =net-mail/cyrus-imapd-2.4.11.  Thank you.
Comment 2 Agostino Sarubbo gentoo-dev 2011-09-09 09:42:49 UTC
Thanks Eray.


Arches, please test and mark stable :

=net-mail/cyrus-imapd-2.4.11
target KEYWORDS : "amd64 hppa ppc64 ppc sparc x86"
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2011-09-09 15:13:18 UTC
(In reply to comment #0)
> If the 'allowanonymouslogin' option was set in
> imapd.conf, it could be done without authentication.
> 

Thanks, Eray. Is this option enabled by default?
Comment 4 Eray Aslan gentoo-dev 2011-09-10 05:49:04 UTC
(In reply to comment #3)
> Thanks, Eray. Is this option enabled by default?

No, it is off by default.
Comment 5 Ian Delaney (RETIRED) gentoo-dev 2011-09-10 09:20:29 UTC
amd64:

cyrus started ok,  package emerged ok.  Pass
Comment 6 Agostino Sarubbo gentoo-dev 2011-09-10 09:28:43 UTC
works now, amd64 ok
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2011-09-10 17:51:48 UTC
Stable for HPPA.
Comment 8 Markus Meier gentoo-dev 2011-09-12 21:07:17 UTC
amd64/x86 stable, thanks Ian and Agostino
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2011-09-24 16:19:19 UTC
sparc stable
Comment 10 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-09-27 18:10:14 UTC
ppc/ppc64 stable, last arch done
Comment 11 Tim Sammut (RETIRED) gentoo-dev 2011-09-27 20:27:32 UTC
Thanks, folks. Added to existing GLSA request.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2011-10-07 22:48:19 UTC
CVE-2011-3208 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3208):
  Stack-based buffer overflow in the split_wildmats function in nntpd.c in
  nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows
  remote attackers to execute arbitrary code via a crafted NNTP command.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2011-10-22 04:34:14 UTC
This issue was resolved and addressed in
 GLSA 201110-16 at http://security.gentoo.org/glsa/glsa-201110-16.xml
by GLSA coordinator Tim Sammut (underling).
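
Added example, not part of the bug report and not Cyrus or Gentoo tooling: a triage helper that combines the affected-version ranges quoted in comment 12 with the `allowanonymouslogin` setting from the description to classify a host. The function names, the sample configuration and the conservative rule that any true-valued occurrence counts as enabled are assumptions of this sketch.

```python
import re

# Fixed release per branch, taken from the CVE text quoted in comment 12.
FIXED = {(2, 3): (2, 3, 17), (2, 4): (2, 4, 11)}
# Spellings that imapd.conf(5) documents as "on" for boolean options.
TRUE_VALUES = {"yes", "on", "t", "true", "1"}
# Constructed sample configuration, not taken from the bug report.
SAMPLE_CONF = """\
# constructed sample
configdirectory: /var/imap
AllowAnonymousLogin: yes
"""


def parse_version(text):
    """Return (major, minor, patch) from strings such as '2.4.10' or '2.4.10-r1'."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version):
    v = parse_version(version)
    if v[:2] in FIXED:
        return v < FIXED[v[:2]]
    # Older branches fall under "before 2.3.17"; later branches postdate the fix.
    return v < (2, 3, 17)


def anonymous_login_enabled(conf_text):
    """True if any 'allowanonymouslogin' line is on; absent means off (comment 4)."""
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        # Assumption of this sketch: compare the option name case-insensitively.
        if key.strip().lower() == "allowanonymouslogin":
            if value.strip().lower() in TRUE_VALUES:
                return True
    return False


def triage(version, conf_text):
    if not is_vulnerable(version):
        return "patched"
    if anonymous_login_enabled(conf_text):
        return "vulnerable: reachable without authentication"
    return "vulnerable: authentication required first"
```
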