Bug 272044 - <net-mail/up-imapproxy-1.2.6 Buffer overflow when doing AUTH LOGIN
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://www.imapproxy.org/downloads/Ch...
Whiteboard: B3 [noglsa]
Keywords:
Depends on: 177780
Blocks:
Reported: 2009-06-01 06:41 UTC by Samuli Suominen (RETIRED)
Modified: 2014-05-31 21:01 UTC (History)

Description Samuli Suominen (RETIRED) gentoo-dev 2009-06-01 06:41:23 UTC
2008-10-20  Dave McMurtrie  <davemcmurtrie@gmail.com>
	* request.c: Fixed buffer overflow condition when doing AUTH LOGIN.
	  Applied patch by Michael M. Slusarz to make internal
	  commands RFC compliant (prepend with X instead of P_).  Added
	  support for XPROXYREUSE response.

*up-imapproxy-1.2.7_rc2 (01 Jun 2009)

  01 Jun 2009; Samuli Suominen <ssuominen@gentoo.org>
  +up-imapproxy-1.2.7_rc2.ebuild:
  Version bump wrt #177780, thanks to Janne Pikkarainen for reporting.
Comment 1 Holger Hoffstätte 2009-06-01 10:51:48 UTC
Stabilizing this in its current form is a bad idea. There were TWO buffer overflows reported, but rc2 only fixes one. During compilation:

src/request.c: In function 'HandleRequest':
src/request.c:1943: warning: too few arguments for format
In function 'snprintf',
    inlined from 'cmd_authenticate_login' at src/request.c:781:
/usr/include/bits/stdio2.h:65: warning: call to __builtin___snprintf_chk will always overflow destination buffer

...and as expected it immediately crashes on startup (during the login phase).
Therefore the "second half" of the patch from bug#177780 also needs to be applied. I intentionally didn't update the build for 1.2.7 since I wanted to wait for the final version. There were also reports on the mailing list that apparently 1.2.7 has a few other problems, so I'd vote for stabilizing 1.2.6+patch instead. It has the security fixes courtesy of RedHat and has been working fine "in production" for months without a single problem.
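
Added example, not part of the bug thread and not up-imapproxy's code: gcc prints "will always overflow destination buffer" when the size passed to snprintf is larger than the destination object, and the fortified call then aborts at run time. The sketch below decodes the two base64 AUTH LOGIN replies into fixed buffers and formats a trace line, passing each buffer's real size and rejecting anything that does not fit. FIELD_MAX, decode_field, build_login_trace and the trace format are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 64   /* assumed size, not taken from request.c */

static int b64val(int c)
{
    static const char t[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = c ? strchr(t, c) : NULL;
    return p ? (int)(p - t) : -1;
}

/* Decode one base64 AUTH LOGIN reply into dst (dst_len includes the NUL).
 * Returns the decoded length, or -1 if malformed or too long for dst. */
int decode_field(char *dst, size_t dst_len, const char *b64)
{
    size_t len = strlen(b64), n = len, out = 0;
    unsigned acc = 0;
    int bits = 0, v;

    if (dst_len == 0 || len % 4 != 0) return -1;
    while (n > 0 && len - n < 2 && b64[n - 1] == '=') n--;  /* padding */
    for (size_t i = 0; i < n; i++) {
        if ((v = b64val((unsigned char)b64[i])) < 0) return -1;
        acc = (acc << 6) | (unsigned)v;
        if ((bits += 6) < 8) continue;
        bits -= 8;
        unsigned char byte = (acc >> bits) & 0xff;
        /* refuse NUL/control bytes and any byte that leaves no room for NUL */
        if (byte < 0x20 || byte == 0x7f || out + 1 >= dst_len) return -1;
        dst[out++] = (char)byte;
    }
    dst[out] = '\0';
    return (int)out;
}

/* Hypothetical trace line: the size given to snprintf is the caller's real
 * buffer size, and a result that would be truncated is rejected. */
int build_login_trace(char *line, size_t line_len, const char *u64, const char *p64)
{
    char user[FIELD_MAX], pass[FIELD_MAX];
    int n, plen;

    if (decode_field(user, sizeof user, u64) < 0 ||
        (plen = decode_field(pass, sizeof pass, p64)) < 0)
        return -1;
    n = snprintf(line, line_len, "AUTH LOGIN user=%s (password %d bytes)", user, plen);
    return (n < 0 || (size_t)n >= line_len) ? -1 : n;
}
```

Building with -O2 -D_FORTIFY_SOURCE=2 keeps the compile-time and run-time size checks active for these calls.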
Comment 2 Samuli Suominen (RETIRED) gentoo-dev 2009-06-01 11:20:09 UTC
Give me a minute or two.
Comment 3 Samuli Suominen (RETIRED) gentoo-dev 2009-06-01 12:13:16 UTC
OK, I've dropped the keyword from 1.2.7_rc2 and added 1.2.6 with some Debian patchset and the security fix.

Please test and mark stable 1.2.6 instead.
Comment 4 Holger Hoffstätte 2009-06-01 13:07:21 UTC
Verified that 1.2.6 works. Thank you :)
Comment 5 Robert Buchholz (RETIRED) gentoo-dev 2009-06-01 13:16:37 UTC
Arches, please test and mark stable:
=net-mail/up-imapproxy-1.2.6
Target keywords : "amd64 x86"
Comment 6 Christian Faulhammer (RETIRED) gentoo-dev 2009-06-02 18:20:43 UTC
x86 stable
Comment 7 Markus Meier gentoo-dev 2009-06-03 18:54:56 UTC
amd64 stable, all arches done.
Comment 8 Samuli Suominen (RETIRED) gentoo-dev 2009-06-03 19:44:33 UTC
Vulnerable version removed from tree.
Comment 9 Samuli Suominen (RETIRED) gentoo-dev 2009-06-05 20:27:30 UTC
Security, this also solves https://bugzilla.redhat.com/show_bug.cgi?id=465859,
not only the one mentioned in the URL.
Comment 10 Samuli Suominen (RETIRED) gentoo-dev 2010-06-24 22:31:14 UTC
Any news on this one? It's been ready for a GLSA for over a year now :)
Comment 11 Stefan Behte (RETIRED) gentoo-dev Security 2010-08-01 13:01:22 UTC
GLSA request filed.
Comment 12 Sean Amoss (RETIRED) gentoo-dev Security 2014-05-31 21:01:16 UTC
This issue has been fixed since Jun 03, 2009. No GLSA will be issued.