Ubuntu Security Notice USN-37-1
2nd December, 2004
cyrus21-imapd vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 4.10
Details
Recently another buffer overflow has been discovered in the SASL
authentication module of the Cyrus IMAP server. An off-by-one
comparison error in the mysasl_canon_user() function could lead to a
missing termination of an user name string.
This vulnerability could allow remote, attacker-supplied machine code
to be executed in the context of the affected server process. Since
the IMAP server usually runs as unprivileged user 'cyrus', there is no
possibility of root privilege escalation.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 4.10:
- cyrus21-imapd
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
None