Bug 105458 - net-mail/mailutils format string vulnerability in imap4d
Summary: net-mail/mailutils format string vulnerability in imap4d
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: http://savannah.gnu.org/patch/index.p...
Whiteboard: C1? [glsa] jaervosz
Keywords:
Depends on:
Blocks:
 
Reported: 2005-09-09 23:05 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2005-09-17 05:33 UTC

See Also:
Package list:
Runtime testing required: ---


Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-09-09 23:05:35 UTC
This patch fixes a format string vulnerability in the Mailutils 0.6 imap4d search
command.

The fix is here:
 
http://savannah.gnu.org/patch/download.php?item_id=4407&item_file_id=5160 
  
Original advisory:  
  
http://www.idefense.com/application/poi/display?id=303&type=vulnerabilities&flashstatus=false
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-09-09 23:07:10 UTC
net-mail: do we install any init script for imap4d, and if so, which user does it
run as? Please advise and bump as necessary.
Comment 2 Fernando J. Pereda (RETIRED) gentoo-dev 2005-09-10 01:57:09 UTC
No, we don't install an init script for imap4d. I'll try to bump it later.

Cheers,
Ferdy
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-09-10 07:21:38 UTC
Rerating as C1 (marginal software with specific configuration); it is still
rated as major severity.
Comment 4 Fernando J. Pereda (RETIRED) gentoo-dev 2005-09-10 15:53:39 UTC
mailutils-0.6-r2 is in CVS with that patch.

Cheers,
Ferdy
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2005-09-11 02:41:14 UTC
Keyworded alright, ready for GLSA
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2005-09-11 02:52:04 UTC
Let's have a vote, because impact is not that obvious...

Authenticated users may execute code as the user imap4d runs as. Since imap4d
apparently supports non-system auth, this may open the system to unauthorized
access... I tend to vote YES.
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-09-11 03:08:15 UTC
We don't provide an init script and only authenticated users can supposedly 
exploit the vulnerability. I vote NO. 
Comment 8 Tavis Ormandy (RETIRED) gentoo-dev 2005-09-14 03:14:22 UTC
I vote YES, for the reasons koon mentioned.
Comment 9 Stefan Cornelius (RETIRED) gentoo-dev 2005-09-14 03:18:58 UTC
yes over here, too
Comment 10 Thierry Carrez (RETIRED) gentoo-dev 2005-09-17 05:33:13 UTC
GLSA 200509-10