
Bug 134038

Summary: net-mail/cyrus-imapd Buffer overflow
Product: Gentoo Security
Reporter: Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0527.html
Whiteboard:
Package list:
Runtime testing required: ---

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-05-22 10:58:11 UTC
Summary from URL. Not sure whether stable is affected:

Cyrus-imapd pop3d Remote Stack Based Buffer Overrun

Description
There is a trivially remotely exploitable Buffer Overrun in Cyrus-imapd's pop3d.
The issue is not present in the default install, Cyrus-imapd has to have the popsubfolders set to 1 in imapd.conf.

From the manpage:
popsubfolders: 1
Allow access to subfolders of INBOX via POP3 by using userid+subfolder syntax as the authentication/authorization id.

When popsubfolders is set one can overflow a stack buffer by sending an overly long USER command argument to the remote pop3d.
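
A defensive check for the precondition described in the report, as an added example that is not part of the original bug or of the Cyrus code base: it scans imapd.conf text for lines that turn popsubfolders on. The accepted boolean spellings, the service-prefixed key form and the sample configuration are assumptions constructed for illustration.

```python
import sys

# Boolean spellings treated as "on". Assumption: the server accepts more than
# the literal 1 shown in the advisory, so the audit errs on the side of flagging.
TRUTHY = {"1", "y", "yes", "on", "t", "true"}
OPTION = "popsubfolders"

def find_enabled(conf_text):
    """Return [(line_no, key, value)] for every line that turns popsubfolders on."""
    hits = []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        key, sep, value = line.partition(":")
        if not sep:
            continue  # not an "option: value" line
        key, value = key.strip().lower(), value.strip().lower()
        # Assumption: a service-prefixed form of the option may be used as a
        # per-service override, so a key ending in _popsubfolders is flagged too.
        if key == OPTION or key.endswith("_" + OPTION):
            if value in TRUTHY:
                hits.append((line_no, key, value))
    return hits

# Constructed sample input, not taken from a real server.
SAMPLE = """\
configdirectory: /var/imap
# popsubfolders: 1   (commented out, ignored)
allowplaintext: no
popsubfolders: 1
"""

if __name__ == "__main__":
    # Audit the file given on the command line, or the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    hits = find_enabled(text)
    for line_no, key, value in hits:
        print(f"line {line_no}: {key}: {value} -> pop3d accepts userid+subfolder logins")
    sys.exit(1 if hits else 0)
```

A non-zero exit status means the option is enabled and the host is in the configuration the report describes.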
Comment 1 Tuan Van (RETIRED) gentoo-dev 2006-05-22 11:41:37 UTC
popsubfolders is a new option in cyrus-imapd 2.3 series <http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&searchterm=popsubfolders&msg=36365>. We do have cyrus-imapd-2.3.1 in portage but it was p.masked because 2.3 series is still a testing release.
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-05-22 13:50:23 UTC
Thx Tuan.