Bug 193179 - mail-client/balsa < 2.3.20 ir_fetch_seq() Stack-based buffer overflow (CVE-2007-5007)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://bugzilla.gnome.org/show_bug.cg...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2007-09-20 13:23 UTC by Robert Buchholz (RETIRED)
Modified: 2007-10-18 22:44 UTC

Description Robert Buchholz (RETIRED) gentoo-dev 2007-09-20 13:23:33 UTC
Evil Ninja Squirrel discovered a stack-based buffer overflow in balsa.

According to RedHat:
  A remote IMAP server can overflow a statically sized buffer on stack
  and possibly execute arbitrary code with privileges of user running
  Balsa with a long message name in response to FETCH command of IMAP
  protocol. ( https://bugzilla.redhat.com/297581 )
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-09-20 13:25:26 UTC
Gnome, please advise.
Comment 2 Daniel Gryniewicz (RETIRED) gentoo-dev 2007-09-20 15:58:58 UTC
I've bumped to balsa 2.3.20.  It seems to work in my minimal testing.  (No one in the gnome herd actually uses balsa as their mail client.)
Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-09-20 16:50:47 UTC
Arches, please test and mark stable mail-client/balsa-2.3.20.
Target keywords are "alpha amd64 ppc sparc x86"
Comment 4 Tobias Scherbaum (RETIRED) gentoo-dev 2007-09-20 18:22:23 UTC
ppc stable
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2007-09-21 08:20:43 UTC
x86 stable
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2007-09-21 16:24:34 UTC
alpha stable
Comment 7 Angelo Arrifano (RETIRED) gentoo-dev 2007-09-22 18:04:45 UTC
 mail-client/balsa-2.3.20  USE="crypt gtkspell libnotify pcre ssl -debug -doc -gtkhtml -kerberos -ldap -sqlite -xface"

- Emerges on AMD64
- Sent/received mail over a POP/SMTP server. OK


Comment 8 Christoph Mende (RETIRED) gentoo-dev 2007-09-22 18:27:28 UTC
amd64 stable
Comment 9 Robert Buchholz (RETIRED) gentoo-dev 2007-09-23 13:29:20 UTC
This is CVE-2007-5007.
Comment 10 Raúl Porcel (RETIRED) gentoo-dev 2007-09-25 17:49:23 UTC
sparc stable
Comment 11 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-09-26 14:02:16 UTC
glsa request filed.
Comment 12 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-10-18 22:44:19 UTC
GLSA 200710-17