Summary: | <net-mail/up-imapproxy-1.2.6 Buffer overflow when doing AUTH LOGIN | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Samuli Suominen (RETIRED) <ssuominen> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | holger |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.imapproxy.org/downloads/ChangeLog | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 177780 | ||
Bug Blocks: |
Description
Samuli Suominen (RETIRED)
2009-06-01 06:41:23 UTC
Stabilizing this in its current form is a bad idea. There were TWO buffer overflows reported, but rc2 only fixes one. During compilation:

```
src/request.c: In function 'HandleRequest':
src/request.c:1943: warning: too few arguments for format
In function 'snprintf',
    inlined from 'cmd_authenticate_login' at src/request.c:781:
/usr/include/bits/stdio2.h:65: warning: call to __builtin___snprintf_chk will always overflow destination buffer
```

..and as expected it immediately crashes on startup (during the login phase). Therefore the "second half" of the patch from bug#177780 also needs to be applied. I intentionally didn't update the build for 1.2.7 since I wanted to wait for the final version. There were also reports on the mailing list that apparently 1.2.7 has a few other problems, so I'd vote for stabilizing 1.2.6+patch instead. It has the security fixes courtesy of RedHat and has been working fine "in production" for months without a single problem.

Give me a minute or two.

OK, I've dropped the keyword from 1.2.7_rc2 and added 1.2.6 with some Debian patchset and the security fix. Please test and mark stable 1.2.6 instead.

Verified that 1.2.6 works. Thank you :)

Arches, please test and mark stable: =net-mail/up-imapproxy-1.2.6 Target keywords : "amd64 x86"

x86 stable

amd64 stable, all arches done.

Vulnerable version removed from tree. Security, this also solves https://bugzilla.redhat.com/show_bug.cgi?id=465859, not only the one mentioned in URL.

Any news on this one? It has been ready for GLSA for over a year now :)

GLSA request filed.

This issue has been fixed since Jun 03, 2009. No GLSA will be issued.
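The `__builtin___snprintf_chk will always overflow destination buffer` warning quoted in the first comment is what a fortified build reports when the size passed to `snprintf` is larger than the destination object. The C sketch below is an added example, not code from up-imapproxy or from the patch in bug#177780; the buffer sizes, struct and function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define LINE_LEN  64   /* hypothetical: size of some other, larger buffer */
#define FIELD_LEN 16   /* hypothetical: real size of the destination field */

/* Pattern that produces the diagnostic (kept as a comment, not compiled):
 *
 *     char field[FIELD_LEN];
 *     snprintf(field, LINE_LEN, "%s", input);    // bound > sizeof(field)
 *
 * The bound describes a different buffer, so up to LINE_LEN bytes may be
 * written into a FIELD_LEN-byte object. With _FORTIFY_SOURCE the runtime
 * check sees bound > object size and aborts on the call itself, whatever
 * the input length, which matches a crash at the first login.
 */

/* Copy input into dst, bounded by dst's real size.
 * Returns 0 on success, -1 if the input did not fit; on failure dst is
 * emptied so a silently truncated credential is never used. */
static int copy_field(char *dst, size_t dst_size, const char *input)
{
    if (dst == NULL || dst_size == 0 || input == NULL)
        return -1;
    int n = snprintf(dst, dst_size, "%s", input);
    if (n < 0 || (size_t)n >= dst_size) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

struct login { char user[FIELD_LEN]; char pass[FIELD_LEN]; };

/* Fill both fields, taking each bound from the field itself via sizeof. */
static int fill_login(struct login *l, const char *user, const char *pass)
{
    if (copy_field(l->user, sizeof l->user, user) != 0) return -1;
    if (copy_field(l->pass, sizeof l->pass, pass) != 0) return -1;
    return 0;
}

int main(void)
{
    struct login l;   /* constructed sample inputs below */
    printf("short: %d\n", fill_login(&l, "alice", "s3cret"));
    printf("long:  %d\n", fill_login(&l, "alice", "0123456789abcdef0123"));
    return 0;
}
```

Building with `-O2 -D_FORTIFY_SOURCE=2` and treating this class of warning as an error catches a mismatched bound at compile time rather than at the first login.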