Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 105458 - net-mail/mailutils format string vulnerability in imap4d
Summary: net-mail/mailutils format string vulnerability in imap4d
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
Whiteboard: C1? [glsa] jaervosz
Depends on:
Reported: 2005-09-09 23:05 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2005-09-17 05:33 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-09-09 23:05:35 UTC
This patch fixes format string vulnerability in Mailutils 0.6 imap4d search   
Fix is there: 
Original advisory:
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-09-09 23:07:10 UTC
net-mail do we install any init script for imap4d and if so which user does it 
run as? Please advise and bump as necessary. 
Comment 2 Fernando J. Pereda (RETIRED) gentoo-dev 2005-09-10 01:57:09 UTC
No, we don't install an init script for imap4d. I'll try to bump it later.

Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-09-10 07:21:38 UTC
Rerating as C1 (marginal software with specific configuration) still it is  
rated as major severity.  
Comment 4 Fernando J. Pereda (RETIRED) gentoo-dev 2005-09-10 15:53:39 UTC
mailutils-0.6-r2 is in CVS with that patch.

Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2005-09-11 02:41:14 UTC
Keyworded alright, ready for GLSA
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2005-09-11 02:52:04 UTC
Let's have a vote, because impact is not that obvious...

Authenticated users may execute code as the user imap4d runs at. Since imap4d
apparently supports non-system auth, this may open the system to unauthorized
access... I tend to vote YES.
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-09-11 03:08:15 UTC
We don't provide an init script and only authenticated users can supposedly 
exploit the vulnerability. I vote NO. 
Comment 8 Tavis Ormandy (RETIRED) gentoo-dev 2005-09-14 03:14:22 UTC
I vote YES, for the reasons koon mentioned.
Comment 9 Stefan Cornelius (RETIRED) gentoo-dev 2005-09-14 03:18:58 UTC
yes over here, too
Comment 10 Thierry Carrez (RETIRED) gentoo-dev 2005-09-17 05:33:13 UTC
GLSA 200509-10