Ubuntu Security Notice USN-31-1
23rd November, 2004
cyrus21-imapd vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 4.10
Details
Stefan Esser discovered several buffer overflows in the Cyrus IMAP
server. Due to insufficient checking within the argument parser of
the "partial" and "fetch" commands, an argument like "body[p" was
detected as "body.peek". This could cause a buffer overflow which
could be exploited to execute arbitrary attacker-supplied code.
This update also fixes an exploitable buffer overflow that could be
triggered in situations when memory allocation fails (i. e. when no
free memory is available any more).
Both vulnerabilities can lead to privilege escalation to root.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 4.10:
- cyrus21-imapd
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
None
References
CVE-2004-1012, CVE-2004-1013, http://security.e-matters.de/advisories/152004.html